
Is LibreOffice (headless) safe to use on a web server?

I have my-template.docx that I convert into my-report.docx with OpenXml and then my-report.pdf with:

soffice --headless --convert-to pdf my-report.docx

I feel compelled to say that this functionality is very much appreciated 🙌. Anyways, one thing I can't find an answer to here (cli documentation) or here (comparison with MS Office) or my other post is if LibreOffice is safe for automation.

See this post from Microsoft that says not to use Word for server-side automation. That begs the question of whether LibreOffice is safe for server side automation? Basically I will be using C# to run soffice --headless --convert-to pdf my-report.docx anytime a request for a report comes in.

Is that safe?

*assume nobody else is trying to read my-report.docx

user875234 asked Mar 08 '19 20:03



1 Answer

As long as you control the content of the input file there should be no issue at all. Keep in mind that LibreOffice only allows one active instance per user profile, so if you want to be able to process more than one document in parallel you should use separate user profiles.

If you have untrusted input data the whole question becomes more complex to answer. While there has been quite a bit of work securing the code base, a desktop office suite is still a huge piece of software with a lot of potential attack surfaces (macros, remote data connections, old binary file formats, ...). While all of these features should be blocked in headless operations, you have to trust that there are no undiscovered bugs.

The remaining points in the Microsoft article should not apply to LibreOffice. The headless mode is designed not to interact with the desktop environment and, except for the user profile, does not change anything in the system or depend on any desktop-related piece. The default builds will still depend on some GUI libraries, but if that actually becomes a problem there is an experimental build option to build a non-GUI version without any X/GTK/KDE library dependencies.

As an alternative there are also a few projects built on top of LibreOffice that try to make converting documents even easier and might actually be faster by pre-forking or using the LibreOfficeKit API. Two examples are JODConverter or unoconv.

moggi answered Oct 12 '22 04:10
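The separate-profile advice in the answer above, as an added example that is not part of the original post or of LibreOffice itself: a Python wrapper (Python rather than the asker's C#) that gives every conversion a throwaway user profile through `-env:UserInstallation`, bounds its run time, and checks that a PDF was actually written. The function names, the timeout value and the `soffice` lookup on `PATH` are assumptions.

```python
import subprocess
import tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path

SOFFICE = "soffice"      # assumption: soffice is on the service account's PATH
TIMEOUT_SECONDS = 120    # assumption: upper bound for converting one report


def build_argv(src: Path, outdir: Path, profile: Path, soffice: str = SOFFICE) -> list[str]:
    """argv for one conversion that runs against its own user profile."""
    return [
        soffice,
        f"-env:UserInstallation={profile.resolve().as_uri()}",  # private profile
        "--headless",
        "--norestore",
        "--convert-to", "pdf",
        "--outdir", str(outdir),
        str(src.resolve()),  # absolute path, so it can never look like an option
    ]


def convert_to_pdf(src: Path, outdir: Path, soffice: str = SOFFICE) -> Path:
    """Convert src to PDF; raise if the process fails, hangs or writes nothing."""
    with tempfile.TemporaryDirectory(prefix="lo-profile-") as profile:
        # argv list, no shell: file names are never parsed as shell syntax.
        # On timeout subprocess.run kills the child and raises TimeoutExpired.
        subprocess.run(build_argv(src, outdir, Path(profile), soffice),
                       check=True, timeout=TIMEOUT_SECONDS,
                       stdin=subprocess.DEVNULL, capture_output=True)
    pdf = outdir / (src.stem + ".pdf")
    if not pdf.is_file() or pdf.stat().st_size == 0:
        # Do not rely on the exit code alone; verify the output file itself.
        raise RuntimeError(f"no PDF produced for {src.name}")
    return pdf


def convert_many(sources: list[Path], outdir: Path, workers: int = 4) -> list[Path]:
    """Convert in parallel; each job gets its own profile, so none block each other."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda s: convert_to_pdf(s, outdir), sources))
```

The profile directory is deleted after each job, so nothing a document causes to be written into the profile carries over to the next request.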