Re: Access 2003 Macro Security Modification
From: Mike Wachal (mikewa_at_online.microsoft.com)
Date: 02/27/04
- Next message: Rich_L: "Can't programatically access the field that links two tables"
- Previous message: James: "Re: Codding Questions/Problems"
- In reply to: Beth: "Re: Access 2003 Macro Security Modification"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 27 Feb 2004 11:32:13 -0800
Hi Beth,
It is certainly possible that I didn't fully understand you question,
although I question your motive in suggesting that I would respond to your
post without actually reading it first.
My answer was directed specifically to your comment:
> The line of code supplied by MS does not work.
in reference to the AutomationSecurity property. The code samples I
included in my response were specifically geared towards overcoming the
macro security prompt on your clients computers. In your comentary you did
not give any specifics on exactly how you were tyring to use the
AutomationSecurity property or describe in what way the code "does not
work."
Obviously, the desired way to prevent the macro security warning is to
digitally sign your database. In cases where you do not want to (or can't)
sign your database, one mechanisim to "bypass" the warning for those
clients who feel that Macro Security is important is to launch your
applciation using Automation rather than by opening it directly in Access
or by pointing a shortcut directly to the .mdb file.
When implemented on a client computer, it would look like this:
1. Your database file(s) on the client computer.
2. A script similar to the example I gave you that opens your database file
using the AutomationSecurity property.
3. A shortcut pointing to the script file.
When the client clicks on the shortcut, it launches the script, which in
turn creates an automation instance of Access and sets the security to Low
before opening your database. Setting the UserControl property give your
client the ability to interact with the database as if it was launch
normally rather than using Automation. You don't have to restart Access
when you do this and the setting only affects the specific instance of
Access that is launched by the shortcut. You could replace the script with
some other stub launcher, for example you could write a small VB app that
launches databases using this mechanisim.
If you write deployment packages for your applications, you would need to
modify your deployments so that the shortcut points to the launcher
application rather than your database file.
Another alternative to bypass the warning would be to sign the database
with a SelfCert created using the cetificate creation tool that is included
with Office 2003. While these certificates are not usually trustable on a
client computer, you can export the Public Key of this type of a signature
and then have your client install the Public Key on thier computer, which
then allows them to trust the certificate, thus eliminating the warning.
The primary risk of the first method (script workaround) is that there is
nothing to prevent your database from being modified by a macro virus in a
way that it could be used to harm your clients computer. Remember, Macro
Security is not about protecting your code, it's about protecting your
clients computer. Macro Viruses are typcially designed to move from one
file to another for a period of time, and then do something on a specific
day. By signing a file, you make it possible to determine if the signed
objects have been modifed, and thus make it possible to not run the
modified code that is potentially harmfull.
The primary risk of the second method (SelfCert workaround) is that there
is no chain of authority to validate the certificate. While installing the
Public Key allows your client to "trust" the signature, there is nothing to
prevent some other person from creating a SelfCert using your name and
sending it to your client. The value of a Certificaiton Authority is to
validate that you are you, so when your client sees your signature that is
authenticated by some third party CA, they can be more confident that it is
actually from you.
Digital signing is nothing new, and it certainly isn't unique to Microsoft
or Office. Many companies digitally sign thier code in this same way. This
is just a new thing in Access 2003 and an important step in making
computers more trustworthy for your clients.
-- Regards, Mike Wachal Microsoft Corporation This posting is provided "AS IS" with no warranties, and confers no rights. On 27 Feb 2004 07:19:21 -0800, Beth wrote: > Hello Mike and thanks for your reply. However, you either didn't read > or understand what I was saying in my post. I am a software developer > for a retail product. I'm not worried about security settings in > development as I don't think I am going to write anything that is > going to wipe out my own hard drive. :/ > > My issue is when we sell this app to clients and they have medium or > high security settings. No, we don't have digitally signed > applications, but since this latest 'feature' of M$'s, it looks like > we will have to go down this road since we won't be modifying the > clients' registry key. > > Thanks again for your time. > > Beth Moffitt > > Mike Wachal <mikewa@online.microsoft.com> wrote in message news:<zsrjd0kdrqcj$.yizcqiovnnt$.dlg@40tude.net>... >> Hi Beth, >> >> I'm sorry to hear that you are strugling with the Automation Security >> property. It might help if you copy the code that is failing for you into >> the newsgroup so we can take a look at it. If you are trying to use this >> property from VBA inside an Office application, you will need to have a >> reference to the Office 11 TypeLib. >> >> I've written two pieces of sample code, both are working successfully in my >> test environment (WinXP Pro, Office 2003 Pro). Here is my code for >> reference. >> >> This is VBA code that I run from within Access to use automation to open a >> separate database. >> > <snipped code> >> > This doesn't make any >> kind of setting on the database or change a setting permanently in Access. >> >> The second sample code I actually pulled from the following help topic: >> >> http://office.microsoft.com/assistance/preview.aspx?AssetID=HP010397921033 >> &CTT=98 >> >> This code is in VBScript and is a great way to open your development >> database on a computer that has High or Medium security. The idea here is >> that while it makes sense that any production database on you computer >> would be signed, the database your are currently developing might not be. >> You can open them by making a shortcut to the script rather than to the >> database itself. > > <snipped more code> >> >> Let me know if these samples don't work for you. >> >> -- >> Regards, >> Mike Wachal >> Microsoft Corporation >> >> This posting is provided "AS IS" with no warranties, and confers no rights. >> >> On 19 Feb 2004 09:41:03 -0800, Beth wrote: >> >>> Thanks for the replies. I did have a reference to the correct >>> library, but it didn't work. I changed to the integer value and still >>> didn't work. So, I did what every good developer does... Rearched >>> until I need a new perscription in eyeglasses! This is what I have >>> found so far. Maybe it will keep someone else from reading till they >>> go blind while looking for a resolution! >>> >>> Access installs with Security Level default of Medium. Users are >>> prompted when opening an Access database and receive the message "This >>> file may not be safe if it contains code that was intended to harm >>> your computer. Do you want to open this file or cancel the >>> operation?" They are then prompted with Cancel, Open or More Info. >>> If they choose Cancel, the app will not open. To quote Microsoft, >>> "This message is a result of new security features that are part of >>> Access 2003. For more information on these features, see Migrating to >>> Access 2003, on Office Online." Microsoft also publishes the >>> following:
- Next message: Rich_L: "Can't programatically access the field that links two tables"
- Previous message: James: "Re: Codding Questions/Problems"
- In reply to: Beth: "Re: Access 2003 Macro Security Modification"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
