tags:

views:

1646

answers:

4
Q: 

VBA password protection: how it works? is it secure? are there any alternatives?

In case one wants to protect VBA applications to make trial(demo) versions and not to expose the scripts, how secure the built in password protection is? Are there any alternatives?

Edit: I'm asking about Excel VBA here.

+2  A: 

Your password security is going to depend largely upon the version of office used. All other Office solutions prior to 2007 can be cracked. Office 2007 requires brute forcing the password. The default encryption mechanism is 128 bit AES.

This means the higher the complexity of the password, the harder to crack. IE - Numbers, special characters, mixing case, etc.

Gavin Miller  2008-11-03 19:51:46
Are there any alternative ways to protect the code in versions prior to 2007?
axk  2008-11-03 20:14:58
I wonder how the code is accessed by Excel when it runs it if the code is encrypted?
axk  2008-11-03 20:16:46
A: 

It's not very safe, and can be pretty easily cracked with a tool.

This video shows how it's done.

Rorschach  2008-11-03 19:52:24
A: 

If you really want to protect source, this may be the way to go for you. For those who may not want to follow the link it's an article regarding developing an XLL add-in for Excel 2007. Xll is a specialized dll for use with MS Excel.

Onorio Catenacci  2008-11-03 20:16:27
I don't thinks this is an option in my situation.
axk  2008-11-03 20:35:11
I thought it might not be Aleksey--on the other hand, I thought it might be possible that you might know C++ and just be asking about VBA because it's Excel.
Onorio Catenacci  2008-11-03 20:38:42
I had some experience with C++ myself, but the problem is that the question is actually from a person who doesn't know C++ and there's already a lot of code in VBA.
axk  2008-11-03 22:01:50
A: 

It is not secure. Anyone opening your document in OpenOffice will get immediate access to the code. Open office basically ignores any password protection.

The OO folks have a very good document describing the Excel file format. Section 4.18 (pg. 114) starts the discussion on how protection is handled. Onorio's suggestion on using an add-in will slow someone down, but will not stop a determined hacker.

It's sort of like locking the door to your house. It won't keep out someone determined to get in, but does 'keep honest people honest'.

DaveParillo  2010-01-20 16:26:33

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security