tags:

views:

54

answers:

2
+2  Q: 

Whether to enable a security-protected feature

An Excel spreadsheet needs programmatic access to its Project structure. However, this access is disabled by default. It can be enabled programmatically, by writing to the registry with this snippet:

Set wsh = CreateObject("WScript.Shell")
'key to modify'
str1 = "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\" & Application.Version & "\Word\Security\AccessVBOM"
'enable access'
wsh.RegWrite str1, 1, "REG_DWORD"
'read the vba project name'
MsgBox Application.NormalTemplate.VBProject.Name
'disable access'
wsh.RegDelete str1

Although it can be done (and reset) programmatically, this could create a security issue.

In my project, it attempts to modify the Project structure, and throws an error if it cannot. The error can be caught, and at this point it can either run the snippet to enable access or display an error message to the user to enable access manually. Is it better to enable the access via the program, where it can be disabled later, or instruct the user to do so?

+2  A: 

It seems to me that the fact it can be done programmatically is a security issue. Given the existence of such a simple mechanism to override the default "protection", you're not exposing the user to a significantly greater risk by turning it off. Any virus writer worth their salt would be doing this anyway.

That said, turning it off for 20 seconds while you do your work and then turning it on again leaves the (broken) window open for far less time than asking the user to turn it off.

I'd be inclined to ask the user for permission to turn it off temporarily, and then make damn sure that I turned it back on again (since leaving it off would be a no-no).

Gary McGill  2009-07-15 14:55:15
+1 for suggesting to ask the user before turning it off
A. Scagnelli  2009-07-15 14:59:27
+1  A: 

Well, two things: It's pretty well known you can modify office security settings via the registry. So Office circumvents this by only reading the settings when the file opens. So if you change the settings with your code you will also need to close and reopen the file for the setting to take effect. Secondly tampering with the users security settings would be considered "rude" software. If the user want's to allow your code they will. Simply prompt them to enable the setting and restart the program. Anything past that would be considered poor behavior.
Remember, just because you can, doesn't mean you should:)

Oorang  2009-07-15 14:59:29
I posted this question with the best-practices tag because of the concern about writing "rude" software. Your mention of Office only reading the setting on launch could render this moot -- does it check the registry on file open or on app open?
A. Scagnelli  2009-07-15 15:05:10

related questions

Top ten ordering in Excel based on complex team rules
Exposing .net methods as Excel functions?
Hiding data points in Excel line charts
Options for PivotTables in Excel
How do I create a status dialog box in Excel
Killing Excel.EXE on server
Modifying a spreadsheet using a VB macro
Count a list of cells with the same background color
Is there anything wrong with this query?
Excel VBA: Alternative IDE
Insert current date in Excel template at creation
Excel: list ranges targeted by INDIRECT formulas
What is the best way to package and distribute an Excel application.
Using Interop with C#, Excel Save changing original. How to negate this?
Using VLOOKUP in an array formula on Google Spreadsheets
How do I save a datagrid to excel in vb.net?
Alternating coloring groups of rows in Excel
How do you prevent leading zeros from being stripped when importing an excel doc using c#
How do I find the Excel column name that corresponds to a given integer?
Accessing Excel data source running SSIS package on 64 bit server
.NET - Excel ListObject autosizing on databind
Reading Excel files from C#
Does anyone have .Net Excel IO component benchmarks?
Refresh Excel VBA Function Results
What is a good web-based Grid that accepts Excel clipboard data?