Thread: Macros Security
View Single Post
  #11   Report Post  
Posted to microsoft.public.excel.programming
Gareth[_6_] Gareth[_6_] is offline
external usenet poster
  
Posts: 158
Default Macros Security
Hi Bill,

Looks like you generated a long discussion! I'm (very) far from an
expert in these matters but I won't let that stop me. It occurs to me
that you have two issues:
(1) Gaining the confidence of other schools to allow the macros to run
(your original question);
(2) Securing your code from theft.

To deal with the first issue:

(a) You don't definitely have to have a signature. If your code is an
AddIn and installed as such (by the school's IT staff) then security can
still be set as Very High. Rob Bovey's wonderful CodeCleaner runs just
fine on my machine under such conditions (XL2003). So if you deploy like
this the IT staff can be confident they're not exposed to other macros.

(b) OK - say you don't want to use an AddIn. Get yourself a signature
and have the IT staff trust it on their machines. It can't be recreated
by someone else. There are several ways to gain a signature. Buy one
(from Verisign and the like) - see Anne's post. (My take: expensive, not
worth it.) Create your own. You CAN do this (for free) - using MS's
makecert.exe or selfcert.exe. Once your original signature has been
trusted by the school's machines you can send new versions that are
still signed.

Second issue - securing your hard work. Again, a couple of options in my
mind:

(a) Just password protect your project (with a long password!). You can
also remove all the comments and spacing (using Codecleaner) - just to
be on the safe side and inconvenience any hacker. It's secure-ish -
people on this NG will be able to explain just how much.
But let's face it - this is for schools' whiteboards. Schools aren't in
the habit of stealing software (as far as I know). It's probably cheaper
to buy it than crack it. And if someone rips it off and sells it - sue
the hell out of them! Probably far more lucrative since they'll be doing
some hard selling for you for free! (I've sold AddIns before now and
haven't lost any sleep over it. There's probably thousands of AddIns out
there on the internet right now you can buy. So it works.)

(b) Make it uncrackable if you are worried. Anne's suggestion of a web
based solution is one. I think a far cheaper solution (and also her
suggestion) is to port it to a VB executable. This is very easy to do
generally. (Depending on your application's requirements... if you need
to control Excel still - event trapping through OLE might be tricky,
I've never tried..) Why a school is happy to trust an executable file
but not a cleanly installed AddIn is beyond me though.

I hope at least some of this might be helpful.

Good luck.
Gareth


Bill Hall wrote:
My school ICT manager, although impressed with my Excel programming (his
words, not mine!) of Interactive Whiteboard Maths Excel workbooks, tells me
that the school can not market them because of their use of MACROS - (really
VBA code behind Excel). Other schools probably won't have the courage or
imagination to allow my macros to be used my the machines on their networks.

I am assuming that I can't write code to "correct" their macro security to
"low".

What should I do? I notice a phrase "trusted macro developer" on a dialogue
box. Could you explain what that means and how someone is credited with that
status.

Thanking in anticipation

Bill Hall

Reply With QuoteReply With Quote