Microsoft Word offers a feature to protect document contents from being changed while still allowing users to view the document. However, this protection is easily removeable, especially due to the nature of Microsoft Office docx files being just a zip folder containing XML files.


Nobody will admit this with pride, but this world's economy and governments are running on the sometimes doubtful power of Microsoft Office. So these documents are everywhere, used for every purpose you can think of -- and purposes you'd never think of. One popular use case in companies is to build forms which then are to be filled out and sent back by email or just printed. So, think PDF forms without the PDF. There are two ways to do that -- either just create your document and ask people nicely to fill out the form. That'll do in 8 of 10 times. In 2 of 10 times, fuckin users will vandalize the nice and neat document. 1 of those 2 will do it by accident and the other because he felt it was the right thing to do. People are assholes, no surprise here, move on, wave and smile.
To combat that effect, Micorosoft offers a protection to the document by the means of password protected edit restrictions, that is, the user will still be able to enter (and save) text in the form elements of the document but not change the rest of it. In a German version of MS Office the protection will be activated like this:

Therafter, you cannot just edit the document. If you want to edit, you have to to deactivate the protection first. And if you don't have the password -- well, sucks to be you.


Just remove the XML-tag sayin' that the document is edit-protected and with which password. Yep, that's all. And thanks to docx-files being just a zip container, you won't even need any fancy tools -- you can do this with preshipped windows-tools:



This protection is not intended as a hard-to-break content protection. If you don't believe me try to complete the following sentence: Even with this protection switched on, you can still r__d the fucking document. Also, it's called edit protection. Thus, it's never been an development objective to completely rule out editing. For the user will always be able to just re-create the document in question. Yeah, it might not be the same document. Giant who cares. Everyday things to happen in offices around the world. Thus it's not surprising that it's possible to remove this protection with very reasonable resources.

On a technical level, what'd be the alternatives? No, not fucking with you here -- what are the alternatives? There ain't any. A full encryption of the files containing the document's contents wouldn't allow the user to see the document w/o knowing the password. Also that is what happens when you choose to let word protect the whole document -- it then really encrypts the full document. But for an edit restriction? There's just nothing else to do then setting a flag somewhere that this file shall be edit-restricted. And as users do not want that to be just a checkbox but somehow protected, they will enter a password then. And you don't want to store that password plain in a file for users are, generally speaking, fucking morons. That is, 8 out of 10 users will just recycle a password they already use for other things. Or variations therof. Which is why the least you should to is crypto-scramble the edit-protection password. But that's already like all you can do.

Also, if you don't believe me, consider believing Microsoft. When setting up the restrictions, Word explicitly warns the user that "the document is not encrypted. Malicious users can edit the file and remove the password.":