Re: self-signing certificate

Hi, Josh.

So, I moved it to "Trusted Root Certification Authorites", and it works
now. No warnings at all when opening with medium security set.

Excellent. Thanks for reporting back with your solution so that others who
have the same problem can research the archive and benefit, too.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.


"Josh" <traygo@xxxxxxxxxxx> wrote in message
news:tgh3a25slcm54nfvvt1n0b5mtn6qi5tdj1@xxxxxxxxxx
Taking another look at the certificates, I ran the Certificate MMC snap
in, and
saw that my self-signed certificate (current user) was under the
"personal"
folder. So, I moved it to "Trusted Root Certification Authorites", and it
works
now. Now warnings at all when opening with medium security set.

Thanks, Josh


On Mon, 26 Jun 2006 16:21:20 -0700, "'69 Camaro"
<ForwardZERO_SPAM.To.69Camaro@xxxxxxxxxxxxxxxxxxxxxx> wrote:

Hi, Josh.

A Self-Cert digital certificate isn't trusted when the Macro Security
level
is set to High level. It's only trusted when used for Medium level.


But, it was set for Medium during the time I was experimenting with
certificate,
so that should have satisfied access and not given me a warning, is that
correct? And, if correct, why the warning?

You also stated that your SelfCert certificate had a red X on it and you
were warned that this certificate isn't trusted because it isn't in the
Trusted Root Certification Authorities store. Let's assume for a moment
that this information is somehow incorrect, and you installed the SelfCert
digital certificate on this computer correctly and digitally signed this
database file with your SelfCert digital certificate. You set the Macro
Security level to Medium, which should allow a SelfCert digitally signed
database to open unchallenged. Since you're being challenged when you
open
this database, it means that your Macro Security level can only be set to
Medium (you couldn't open it at all if it were High, and you wouldn't be
challenged if it were Low), but either the digital signature on the
database
file is invalid or the SelfCert digital certificate on that computer is
invalid (not trusted). Since you got the warning that your SelfCert
digital
certificate isn't trusted, we have to assume that this Microsoft Office
security feature is complaining for a good reason. You need to
troubleshoot
why the application is claiming that the digital certificate isn't in the
Trusted Root Certification Authorities store.

I don't understand the default of 2, sandbox mode for non-access
applications,
but not for Access. Wouldn't the default of 1 be better (from a
'Default'
point
of view), to make Access more secure and leave non-Access applications
alone?

No. Access versus the other applications is comparing apples with
oranges.
If Sandbox mode were set to 1, then any Access database application
without
action queries, and without expressions in table, query, field, form,
report, or control properties would run as is. Such a simple Access
database is trivial, in that the user interface isn't much used, if at
all,
and most likely the file is only being used as a data source by some other
application, which wouldn't have any of its expressions blocked by the Jet
Expression Service.

But a non-trivial Access database would have its update, make table, and
append queries disabled. The other queries or any of the tables, forms,
reports, or controls on the forms or reports using the functions listed as
blocked on the following Web page in their properties would be disabled:

http://support.microsoft.com/default.aspx?id=294698&Product=acc

Such an Access database application wouldn't be very useful because it
couldn't be very complex or do the things that most database applications
do. Non-Access applications in the Microsoft Office Suite don't generally
rely on queries or properties of database objects, so preventing them from
using these queries or functions in expressions in those other
applications
isn't much of a penalty.

Or, am I totally screwed up (which is the most likely case)

The new security feature of Access 2003 is pretty confusing, which is why
most folks are ignoring it completely by using the Low Macro Security
setting.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.


"Josh" <traygo@xxxxxxxxxxx> wrote in message
news:r8g0a29gh0tal7v1l8330vunlqrjhv4h3q@xxxxxxxxxx
On Mon, 26 Jun 2006 05:02:31 -0700, "'69 Camaro"
<ForwardZERO_SPAM.To.69Camaro@xxxxxxxxxxxxxxxxxxxxxx> wrote:

Hi, Josh.

which I should have
Jet4sp8, as I just went to office update.

No. Office Update won't update Access 2003 with Jet 4.0 SP-8, because
Access 2003 already contains Jet 4.0 SP-8. Re-read that warning message
in
the context of Access 2002 users, who didn't have Jet 4.0 SP-8 by
default.
Microsoft didn't bother updating the message for Access 2003, so you and
the
other millions of Access 2003 users were confused the first time we saw
that
message, too.

Is that why I still had to set security level to Low, because the
certificate,
while there, isn't trusted?

A Self-Cert digital certificate isn't trusted when the Macro Security
level
is set to High level. It's only trusted when used for Medium level.


But, it was set for Medium during the time I was experimenting with
certificate,
so that should have satisfied access and not given me a warning, is that
correct? And, if correct, why the warning?



btw, sandbox mode is set to 2 in registry, not sure whether to set it
to
1
or 2
or does it make a difference if security is set to Low?

It makes a difference, because it's a separate issue that has been
enabled
with Jet 4.0 SP-8. (Remember that warning message? That's what it's
for.)
If you leave the Sandbox mode setting at 2 (the default), then Sandbox
mode
is used for non-Access applications, but not for Access. If you set it
at
1, then Sandbox mode will only be used for Access applications, not
other
applications.


I don't understand the default of 2, sandbox mode for non-access
applications,
but not for Access. Wouldn't the default of 1 be better (from a
'Default'
point
of view), to make Access more secure and leave non-Access applications
alone?
Or, am I totally screwed up (which is the most likely case)

Thanks



Seems to me that this is an example of "make it too difficult and
people
will
just bypass security"

Yup. Those with common sense will avoid spitting into the wind.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and
tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.


"Josh" <traygo@xxxxxxxxxxx> wrote in message
news:1qut92tp3p33d0ojgf49buh33j5o1svja2@xxxxxxxxxx
just upgraded to access2003, and got the Jet4sp8 warning, which I
should
have
Jet4sp8, as I just went to office update.

Searched google, and saw that I can either set security to low, or do
a
self-signing certificate if used with this computer. So, did the
self-signing
certificate, added it to macro/Security/trusted publishers. I thought
that
would
take care of it, but, now, still get the warning. I had to actually
set
security
to low to avoid the warning. Went back to macro/Security/trusted
publishers and
viewed my certificate. Looked ok until I looked at the "certification
Path" tab,
and saw that my certificate had a red X on it, with this comment: This
CA
Root
certificate is not trusted because it is not in the Trusted Root
Certification
Authorities store.

Is that why I still had to set security level to Low, because the
certificate,
while there, isn't trusted?

btw, sandbox mode is set to 2 in registry, not sure whether to set it
to
1
or 2
or does it make a difference if security is set to Low?

Seems to me that this is an example of "make it too difficult and
people
will
just bypass security", like "make password requirements too complex,
therefore
people write them down and leave the note by the keyboard" kinda
thing.

Thanks, Josh






.

Relevant Pages

  • Re: Macro Xcel Windows
    ... If using XL97, macro security is on or off, no levels. ... Before setting your security to "low" which will let every file with macros ... You can create a digital certificate and use that on your VBAProject so only ... that file with the certificate is allowed to be opened with no warning. ...
    (microsoft.public.excel.misc)
  • Web server SSL certificate not quite right
    ... service under .NET Server 2003 RC1. ... there is a problem with the site's security certificate. ... Anyone have any details on how to get rid of the warning? ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • macros with expired or revoked signature
    ... Thank you for your help but if I set Security to Medium ... >which means that no macros will be enabled. ... You will now get a warning ...
    (microsoft.public.word.application.errors)
  • Re: Problem with ActiveX/Windows ME
    ... It's warning you that the web page is trying to ... >>your internet security won't allow. ... make sure Internet is at Medium ...
    (microsoft.public.win2000.security)
  • RE: Doing a page redirect
    ... the warning "The name on the security ... certificate is invalid or does not match the name of the site" should ... will the warning dialog still ... Please double-click to view this certificate. ...
    (microsoft.public.inetserver.iis)