If you want to send a database to other users, you can certainly put it in a zip file and e-mail it. However, unless the recipient really trusts that the e-mail came from you (it’s easy to spoof a sending e-mail address), the recipient might not be willing to open your file. Access 2007 provides a new tool that lets you compress your database file and include it inside a file that is digitally signed.
So, what is “digitally signed?” If you’ve surfed the Web at all, you’ve probably encountered several digitally signed files. For example, when a Web site wants to download and install an ActiveX control and you have security enabled in your browser, your browser prompts you to decide whether to download and run the file. If the file is digitally signed, you’ll see verified information about the publisher that has been authenticated over the Web by a commercial certificate authority such as VeriSign, GeoTrust, or GoDaddy. In many cases, you can select an option to accept all signed files from a specific trusted source (such as Microsoft) so that you won’t be prompted again if you encounter another signed file from the same source.
The new tool in Access 2007 lets you package your database into a compressed Deployment file (.accdc) and then sign it with a digital certificate ready to send to your users. When a user attempts to open your file, Access 2007 uses the digital certificate to verify the source of the file and that all objects in the database have not been changed since the database was signed. If the user trusts the digital certificate, Access 2007 opens and extracts your database file ready for the user to run.
But there’s one catch. If you need to distribute this database to other users, you must purchase a digital certificate from a commercial certificate authority, and they’re not inexpensive. When you own a commercial certificate, you can use it to “sign” any file that you publish (perhaps on your Web site) or send to others. The program that the recipient uses to open the file can send the certificate information over the Web to the validating authority. The validating authority verifies the certificate and sends back information about the publisher of the file. The recipient can decide to trust the information to avoid being prompted in the future, decide to open the file anyway, or cancel the open.
Inside Out: Using a Self-Signing Certificate
If you want to test how packaging and signing works, you can create and use a self-signing certificate. The 2007 Microsoft Office system includes a tool to create self-signing digital certificates (SelfCert) that you can use for packaging databases. These certificates, however, are valid only for the computer on which you create them. To create a digital certificate for yourself, click the Windows Start button, click All Programs, click your Microsoft Office folder, click Microsoft Office Tools, and then click Digital Certificate For VBA Projects. In the Create Digital Certificate dialog box, enter the name of the certificate you want to create, and then click OK. Because a self-signing digital certificate is valid only on the computer on which you create it, if you package and sign a database with a self-signing certificate and then send it to someone else, the certificate is no longer valid.
To package and digitally sign your database, open the database, click the Microsoft Office Button, click Publish, and then click Package And Sign. Access opens the Select Certificate dialog box, as shown in Figure 25–6. Click the View Certificate button to review all the details of the selected certificate. Select the certificate you want to use from the list, and then click OK. (In this example, we used a self-signing certificate for demonstration purposes.)
Figure 25–6: Select the digital certificate you want to use to sign the package.
Access opens the Create Microsoft Office Access Signed Package dialog box, as shown in Figure 25–7. Enter or browse to the location in which you want to save your signed database package. In the File Name box, enter a name for this new packaged file, and then click Create. Access compresses your database, “signs” the file using the digital certificate you selected, and places the database and signature into an .accdc file in the location you specified.
Figure 25–7: Enter a file name and location for your packaged database.
You can package and sign only those databases saved in the .accdb file format. In addition, you can include only one database in a package. If you want to digitally sign the Visual Basic code in an .mdb or .adp file, open the Visual Basic Editor, and click Digital Signature on the Tools menu. Your VBA project must be compiled. If you make any further changes to your database after signing it, the digital signature becomes invalid.
When you (or your user) open a signed database, Access displays the Microsoft Office Access Security Notice dialog box, shown in Figure 25–8, if you have not previously trusted this publisher. If you’re unsure of the source of this certificate, you can click the Show Signature Details link to examine all the details about the publisher. If you click Trust All From Publisher, Access always trusts any files from this source. You can see a list of trusted publishers in the Trusted Publishers list in the Trust Center that you can access from the Access Options dialog box.
Figure 25–8: Click Open if you trust the publisher and want to open the database.
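Because Trust All From Publisher suppresses the prompt for every later file from that source, it is worth reviewing which publishers are already trusted. The script below is an added example, not part of the original text or of Access. It assumes the Trusted Publishers list is backed by the current user's Windows certificate store (Cert:\CurrentUser\TrustedPublisher), and the function name Get-TrustedPublisherReport is hypothetical. It flags self-signed and expired entries and reports whether each certificate chains to a trusted root.

```powershell
# Added example: audit the certificates the current user has marked as trusted publishers.
# Assumption: the Trust Center list maps to Cert:\CurrentUser\TrustedPublisher.
function Get-TrustedPublisherReport {
    param(
        [string]$StorePath = 'Cert:\CurrentUser\TrustedPublisher'
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Build the chain locally; revocation lookups are skipped so the
        # script also runs on a machine without network access.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainOk = $chain.Build($cert)

        # Collect the reasons the chain failed (for example UntrustedRoot
        # for a self-signing certificate that is not in the root store).
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

        [pscustomobject]@{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            Expired      = ($cert.NotAfter -lt (Get-Date))
            ChainTrusted = $chainOk
            ChainStatus  = $status
        }
    }
}

# List self-signed and untrusted entries first so they stand out in the review.
Get-TrustedPublisherReport |
    Sort-Object -Property @{ Expression = 'SelfSigned'; Descending = $true },
                          @{ Expression = 'ChainTrusted'; Descending = $false } |
    Format-Table -AutoSize -Property Subject, Issuer, NotAfter, SelfSigned, Expired, ChainTrusted, ChainStatus
```

An entry that is self-signed or whose chain does not end at a trusted root deserves a second look, since any package signed with it will open without a security notice.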
Click Open if you trust the publisher, and Access opens the Extract Database To dialog box, as shown in Figure 25–9. Enter a name in the File Name text box, select a location to save the extracted database, and then click OK. Access extracts the database from the .accdc file, saves it to the location you specified, and then opens the extracted file. Note that Access might still disable content in this database depending upon your settings in the Trust Center.
Figure 25–9: Select a location to extract the packaged database.