

6.12. Common Questions

Whew, this chapter is already longer than I planned and (I fear) too complicated. In order to simplify things a bit, I include the following common security problems, with brief descriptions of how to solve them. I hope it helps!

6.12.1. What is partial trust?

The Excel macro security model is based on trust and known publishers. Macro code is digitally signed and that signature identifies the source (publisher) of the macro. At that point, the user makes the decision whether to trust that publisher. The inference here is that if the macro does something bad, the user will no longer trust that publisher and possibly pursue damages through the legal system.

In Excel and other applications that implement the Common Object Model (COM), trust is absolute. You either trust someone or you don't. In fact, this isn't a perfect system for the real world, where you might trust someone but not want to lend them your car keys, or your credit card, or your bank PIN.

There are situations where you might want to partially trust an application. Microsoft addresses this in the .NET Framework. Applications written with .NET can be granted partial trust, so they can run but not read the system registry or write to disk, for example.

There are some situations where .NET applications require full trust. For instance, a .NET application must be fully trusted in order to use Excel. You can't use .NET to create partially trusted wrappers for COM applications.

See Chapter 5, "Program Excel with .NET."

6.12.2. What is the Office Anti-Virus API?

Microsoft provides an API for anti-virus software developers so that they can write code to scan documents as they are opened in Excel. Since the scan is focused on the current file being opened, it can be more thorough than general scans of the user's disk. Anti-virus software that uses this API may display settings on the Macro Security options dialog in Excel.

See the web site msdn.microsoft.com/workshop/security/antivirus/overview/overview.asp.

6.12.3. How do you get rid of the macro security warning?

If you write macros for personal use and get tired of seeing the macro security warning every time you open personal workbooks, you can sign your macros with a personal digital certificate. To do this:

  1. Choose Digital Certificate for VBA Projects from the Windows Office Tools menu to run SelfCert.exe.

  2. Use SelfCert.exe to create a personal digital certificate.

  3. From the Visual Basic Tools menu, choose Digital Signature.

  4. Click Choose to add your digital certificate to the workbook's macros.

  5. Repeat Step 4 each time you create a new workbook or template containing macros.

See the section "Add Digital Signatures."
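Because Step 4 has to be repeated for every new workbook, it is easy to miss one. The following PowerShell script is an added example, not code from the book: it opens each workbook in a folder with macros force-disabled and reports the Workbook.VBASigned property. The folder path is an assumption.

```powershell
# Added example, not from the book. $Folder is an assumed location.
param([string]$Folder = "$env:USERPROFILE\Documents")

$excel = New-Object -ComObject Excel.Application
$excel.Visible = $false
$excel.DisplayAlerts = $false
# 3 = msoAutomationSecurityForceDisable: macros in the inspected files never run.
$excel.AutomationSecurity = 3

$report = @()
try {
    foreach ($file in Get-ChildItem -Path $Folder -Filter *.xls) {
        $wb = $null
        try {
            # Open(FileName, UpdateLinks = 0, ReadOnly = $true)
            $wb = $excel.Workbooks.Open($file.FullName, 0, $true)
            $report += New-Object psobject -Property @{
                Workbook  = $file.Name
                VBASigned = [bool]$wb.VBASigned
            }
        }
        catch {
            Write-Warning "Could not open $($file.FullName): $($_.Exception.Message)"
        }
        finally {
            if ($wb) { $wb.Close($false) }   # close without saving
        }
    }
}
finally {
    $excel.Quit()
    [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($excel)
}

# Unsigned workbooks sort first.
$report | Sort-Object VBASigned, Workbook | Format-Table Workbook, VBASigned -AutoSize
```

VBASigned is also False for a workbook that contains no macros, and True only says a signature is present, not that the signer is trusted on this machine.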

6.12.4. How do you prevent all macros?

You can omit Visual Basic for Applications during installation or remove that component after installation by using Office Setup to perform maintenance. That prevents users from creating their own macros as well as preventing them from running macros in existing workbooks.

Other applications, such as Windows Scripting Host (WScript.exe), will still be able to run macros that use the Excel Object Library, however. You can't remove this library; Excel needs it to run and will reinstall it if it is not found. You can remove or disable WScript.exe and CScript.exe, but other applications can still access the Excel Object Library to perform tasks in Excel.

See "Distribute Security Settings."

6.12.5. How do you secure a workbook?

Security is a sliding scale and I'd hesitate to say anything is ever completely secure. You can make Excel workbooks fairly secure by adding password-protection and encryption. Be sure to use a strong password (eight or more characters, upper- and lowercase, include numbers and symbols).

You can also protect access to files through Windows by using the NT Encrypting File System and using the Windows file security settings to prevent access by users other than yourself.

Finally, you can set permissions on a workbook using IRM to prevent any user other than yourself from reading or writing to the workbook in Excel. This last technique also provides a way to share workbooks in a secure way with restricted permissions.

See the sections "Password-Protect and Encrypt Workbooks" and "Use Identity-Based Security."

6.12.6. How do you add a trusted publisher for a group of users?

There are two ways to do this, depending upon your network setup and your distribution needs: you can create a command-line script that uses CertMgr.exe to install exported certificate files (.cer) on each user's machine, or you can use the Microsoft Management Console Certificates snap-in (CertMgr.msc) to install certificates on users' machines over a network, provided you have administrative privileges to their machines.

See "Distribute Security Settings."
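One way to write the command-line script described above, as an added example that is not from the book: it checks the exported .cer against a pinned thumbprint before calling CertMgr.exe, so a swapped file on the share is not silently trusted. The share path, the CertMgr.exe location and the thumbprint are placeholders.

```powershell
# Added example, not from the book. All three values below are placeholders.
$CerPath  = '\\fileserver\deploy\publisher.cer'     # hypothetical share
$CertMgr  = 'C:\Tools\CertMgr.exe'                  # assumed install location
$Expected = 'REPLACE-WITH-PUBLISHER-THUMBPRINT'     # obtained out of band

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath

# Refuse to trust a file whose thumbprint does not match the pinned value.
if ($cert.Thumbprint -ne ($Expected -replace '\s', '')) {
    Write-Error "Thumbprint mismatch for $CerPath (got $($cert.Thumbprint))"
    exit 1
}
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Error "Certificate expired on $($cert.NotAfter)"
    exit 1
}

# Skip the install if this user already trusts the publisher.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('TrustedPublisher', 'CurrentUser')
$store.Open('ReadOnly')
$present = @($store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
$store.Close()

if ($present.Count -eq 0) {
    # -add -c: add a certificate; -s -r currentUser: system store in the
    # current user's registry location; last argument is the store name.
    & $CertMgr -add -c $CerPath -s -r currentUser trustedpublisher
    if ($LASTEXITCODE -ne 0) {
        Write-Error "CertMgr.exe failed with exit code $LASTEXITCODE"
        exit $LASTEXITCODE
    }
    Write-Output "Installed publisher certificate $($cert.Subject)"
}
else {
    Write-Output "Publisher certificate already present; nothing to do"
}
```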



    Excel 2003 Programming. A Developer's Notebook
    ISBN: 0596007671
    Year: 2004
    Pages: 133
    Authors: Jeff Webb
