Security Warning, Digital Signature

  • Thread starter Thread starter Nick Kasoff
  • Start date Start date
N

Nick Kasoff

I've read about two dozen newsgroup threads, and obviously I just
don't get it. I have an Access 2003 app, I've installed SP8 and
confirmed I have the right version of msjet40.dll, I've purchased a
digital signature and signed my code, and I am STILL getting "Security
Warning: Unsafe expressions are not blocked" every time I open it.
This is a commercially distributed app, so that is not acceptable. A
digital signature is supposed to fix this. What am I doing wrong?

PS - One other important issue - is there a way that I can cause the
2003 runtime to install with Jet SP8 instead of whatever it shipped
with?
 
You failed to mention whether you are the one distributing the database or
someone else. If it is yours, you need to sign your code, or set macro
security to low. If someone elses, and you trust them, set macro security
to low. Otherwise, you need to tell the developer to sign their code.
 
You failed to mention whether you are the one distributing the database or
someone else. If it is yours, you need to sign your code, or set macro
security to low. If someone elses, and you trust them, set macro security
to low. Otherwise, you need to tell the developer to sign their code.
Click to expand...


I am the one signing the code. I sign it, then reopen the same thing I
just signed, and I get the warning. And I know it is signed because
the first time I open it, it asks me whether I trust the owner of the
signature. It's just that the (*&#$(*& macro warning won't go away.
And yes, I also have Jet 4.0 SP8 installed, for whatever that's worth.
 
I'd just set macro security to low...even Microsoft people have started
suggesting that.
 
Paul said:
I'd just set macro security to low...even Microsoft
people have started suggesting that.
Click to expand...

I agree with pragmatically - and to that end, I must know, is there a
way to do that in VBA? To a user with runtime?

More important, however, is that I am very uncomfortable in principle
with doing this, particularly since it's a setting for the Access
application and not just for my database. If the only way to get an
Access application to run without a bunch of threatening warnings -
even after purchasing and using a code signing certificate - is to
disable the security of the application and leave them vulnerable to
the malice of others - then Microsoft should refund my money for
Access 2003 and the developer's toolkit, and issue a public statement
that the environment is no longer suitable for commercially
distributed applications.

Anyone from Microsoft listening? I've been an Access devotee for more
than a decade, but you're going to lose me over this one if we don't
come up with a solution.
 
Believe me, you're not the only one that is a little pissed about this new
"feature". Microsoft failed to think this through whatsoever. It really is
assinine. I'm hoping that they'll do the right thing and rip it out in the
next SP.

Can you make the change to macro security setting from within VBA? No...and
by then, it would be too late and worthless anyway. It HAS to be set in the
registry BEFORE your app opens. If you wanted it set just for YOUR
application, you would need a starter app (EXE) that 1) changed the registry
setting 2) opened your MDB 3) changed security back to the original setting.

You can set it to low during install (through registry...but not possible
with PDW)...there is still a chance that the user might change it to another
setting. Also, you have to set in under the LM registry hive and not
CU....otherwise, any other user than the one who installed would have the
idiotic warnings. Practically speaking, not many users would change it
after it has been set...but you probably know how users do the unexpected.
So, this is risky approach....but not anymore than expecting users to
understand the implications of the assinine security warning dialog.

There really isn't a good solution to this problem.
 
(snip)
Believe me, you're not the only one that is a little pissed about this new
"feature". Microsoft failed to think this through whatsoever. It really is
assinine. I'm hoping that they'll do the right thing and rip it out in the
next SP.
Click to expand...

I don't think they need rip it out. Just give the user a program which, when
run, will cause a nominated application to be completely trusted & issue no
warnings - regardless of whether that applications is signed or not, &
regardless of what level the security options are set at.

Then the user gets the best of both worlds :-)

Cheers,
TC
 
Back
Top