- What's New in Microsoft Office Access 2010: An Overview
- Changes to the Office 2007 Ribbon User Interface
- Security, Trusted Locations, Packages, and Certificates
- Access Web Databases and SharePoint Lists
- Application Development by Templates
- Access Macros Redux
- SQL Server 2008 [R2] Express Edition Setup
This chapter is from the book
This chapter is from the book
This chapter is from the book
Security, Trusted Locations, Packages, and Certificates
Access 2010's approach to system and database security is very similar to that of Access 2007. System security attempts to prevent—or at least dissuade—users from opening database or project files that might contain harmful code in macros or VBA modules. The term harmful code generally means code that can access local computer or network resources and (potentially) install malware, bots, or viruses.
When you open any database from a location that you haven't designated as trusted or that hasn't been signed with a digital signature from a publisher you trust, Access opens with a Security Warning bar. Clicking the bar's Click for More Details link (look ahead to Figure 1.17), opens the Info pane with a Security Warning button added. Opening the button's gallery gives you two choices for enabling potentially dangerous content (see Figure 1.16).
)
Figure 1.16 You can enable all content or open the Security Alert dialog to select the content to trust in the Security Warning gallery.
Selecting Advanced Options closes the Info pane and opens a Security Alert dialog that's identical to the Access 2007 version (see Figure 1.17).
)
Figure 1.17 Access 2010's Security Warning message differs slightly from Access 2007's. Select the Enable the Content option if you trust the database's source.
Specifying Trusted Locations
You can prevent the Security Warning bar from appearing by storing the .accdb or .adp file in a trusted location (folder). You specify trusted location(s) in the Trusted Locations dialog of the Access Options dialog's Trust Center page.
For an example of creating a trusted location, see "Designating the Default Database Folder as a Trusted Location," p. 53.
Packaging and Code-Signing Databases
An alternative to requiring users of your Access application to create a trusted location for the database is to create a Microsoft Office Access Signed Package (.accdc file) from the .accdb file. Creating a Signed Package code-signs all objects in the database and compresses the file by a factor of about five to reduce download time.
To sign a package, you must have a code-signing (Class 3) certificate from a commercial certificate authority (CA), such as Comodo, Thawte, or VeriSign, or create a self-signed certificate with Office 2007's Digital Certificate for VBA Projects application (SelfCert.exe). Code-signing certificates from a commercial CA cost from $99 to $199 per year.
Self-signed certificates usually are limited to personal or small workgroup use. By default, self-signed certificates work only for packages you extract on the same machine that created and signed them. Use trusted locations to avoid security warnings unless you have a compelling reason to do otherwise.
Enabling Non-trusted Application Automation with Macros
Access 2010 users in organizations with highly secure computer operations might be prevented from enabling "potentially harmful content" by a group policy setting. In this case, you can take advantage of the default "safe" subset of Access macro actions that will run without enabling VBA code by trusting the database. To enable unsafe macro actions, you must click the Macro Tools, Design ribbon's Show All Actions button, which toggles between displaying a list of all and safe-only actions.
For more information on Access macros, see "Access Macros Redux," p. 33.