J
jagbarcelo
Last April 26th I posted in microsoft.public.access.security with the same
subject: Access 2007: Digital signature is lost when you create ADE files. I
have not received any response there (maybe there is no explanation, maybe
that forum is not active enough) so I repost the same here (I hope it would
have a wider audience here, and maybe a reply appear).
---Original post follows---
We have been using digital signatures for years (Office 2003) to deploy MS
Access complied project files (.ADE) to avoid users to accept security
warnings every time they opened the application.
Now we are using Office 2007 and whenever we create ADE files (with signed
VB code), we receive (in Access status bar, on the bottom) the following
warning (maybe the warning is not exactly as this, since it is a self-made
translation from Spanish):
"The changes made to the databes or project had invalidated the linked
digital signature"
"Las modificaciones realizadas en la base de datos o proyecto han invalidado
la firma digital asociada." (this is the original warning).
After that, when any user tries to open the created ADE file, they receive
the usual warning as if the file had no digital signature at all:
Microsoft Office Access Security Notice
A potential security concern has been identified.
Warning: it is not possible to determine that this content came from a
trustworthy source. You should leave this content disabled unless the
content provides critical functionality and you trust its source.
That dialog confirms that the original warning shown in the status bar was
right. The signature is lost when you compile the ADP into an ADE file.
I have checked that this happens when creating a brand new database project:
* Create a new database project (ADP) and connect it to any SQL Server /
Northwind you have at hand
* Create a form with a single button in it and use the following code:
Option Compare Database
Option Explicit
Private Sub Command0_Click()
MsgBox ("this is a test")
End Sub
* Sign the code: Tools -> Digital signatures...
* Create ADE
* Try to open the ADE you created before
Can this be classified as a bug or a feature? Is there any place to submit
feedbacks for Access 2007?
Thanks in advance.
---Original post ends---
During the meantime I have been working on this issue and I can now add
another odd behaviour: Digital signatures are also lost whenever you 'compact
and repair' an ADP file that is 'compactable' (i.e. VB code or forms have
been modified and saved several times since the last 'compact and repair').
It does not matter that there are alternative ways to prevent the security
warnings from appearing (i.e. Trust Center). I think this is a real bug that
prevents anyone that owns a Digital Certificate from signing and distributing
code (without distributing the code, i.e. ADE files) the way we were used to
do with Access 2003.
I hope staff at MS solve it better sooner than later. I'm also willing to
hear from your experiences on this field.
----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.
http://www.microsoft.com/office/com...-82c9-0a5e60234f1a&dg=microsoft.public.access
subject: Access 2007: Digital signature is lost when you create ADE files. I
have not received any response there (maybe there is no explanation, maybe
that forum is not active enough) so I repost the same here (I hope it would
have a wider audience here, and maybe a reply appear).
---Original post follows---
We have been using digital signatures for years (Office 2003) to deploy MS
Access complied project files (.ADE) to avoid users to accept security
warnings every time they opened the application.
Now we are using Office 2007 and whenever we create ADE files (with signed
VB code), we receive (in Access status bar, on the bottom) the following
warning (maybe the warning is not exactly as this, since it is a self-made
translation from Spanish):
"The changes made to the databes or project had invalidated the linked
digital signature"
"Las modificaciones realizadas en la base de datos o proyecto han invalidado
la firma digital asociada." (this is the original warning).
After that, when any user tries to open the created ADE file, they receive
the usual warning as if the file had no digital signature at all:
Microsoft Office Access Security Notice
A potential security concern has been identified.
Warning: it is not possible to determine that this content came from a
trustworthy source. You should leave this content disabled unless the
content provides critical functionality and you trust its source.
That dialog confirms that the original warning shown in the status bar was
right. The signature is lost when you compile the ADP into an ADE file.
I have checked that this happens when creating a brand new database project:
* Create a new database project (ADP) and connect it to any SQL Server /
Northwind you have at hand
* Create a form with a single button in it and use the following code:
Option Compare Database
Option Explicit
Private Sub Command0_Click()
MsgBox ("this is a test")
End Sub
* Sign the code: Tools -> Digital signatures...
* Create ADE
* Try to open the ADE you created before
Can this be classified as a bug or a feature? Is there any place to submit
feedbacks for Access 2007?
Thanks in advance.
---Original post ends---
During the meantime I have been working on this issue and I can now add
another odd behaviour: Digital signatures are also lost whenever you 'compact
and repair' an ADP file that is 'compactable' (i.e. VB code or forms have
been modified and saved several times since the last 'compact and repair').
It does not matter that there are alternative ways to prevent the security
warnings from appearing (i.e. Trust Center). I think this is a real bug that
prevents anyone that owns a Digital Certificate from signing and distributing
code (without distributing the code, i.e. ADE files) the way we were used to
do with Access 2003.
I hope staff at MS solve it better sooner than later. I'm also willing to
hear from your experiences on this field.
----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.
http://www.microsoft.com/office/com...-82c9-0a5e60234f1a&dg=microsoft.public.access