Results 1 to 7 of 7
  1. #1
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Dallas plus 20 miles or so, Texas, USA
    Posts
    876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Backdoor to VBA project (2000)

    Hi all,

    I have a very neat, workable workbook (thanks to everyone here) that has an "Access" form. To enter the workbook, you must have a valid code. In order to make this fairly secure, I have set in every possible place the application.enablecancelkey to false.

    I would, however, like to place an extra code for myself, in the more likely than not event that something gets flubbed up. Something along the lines of:

    <pre>Commandbutton1_Click()
    If Userform1.Textbox1.Value = "something" then
    'Unlock project using the project password and maybe open the VBE
    End
    </pre>

    Something of a way in the back door if I need to get in. I found <A target="_blank" HREF=http://www.wopr.com/cgi-bin/w3t/showthreaded.pl?Cat=&Board=vb&Number=12934&page=&v iew=&sb=&o=&vc=1#Post12934>this post in the VB forum</A> about Word 97 but was wondering if this is true with Excel 2000.

    Thanks,

  2. #2
    Bronze Lounger
    Join Date
    Jun 2001
    Location
    New York, New York, Lebanon
    Posts
    1,449
    Thanks
    1
    Thanked 1 Time in 1 Post

    Re: Backdoor to VBA project (2000)

    Mike

    Forget it!!!

    Unless you have one single user who sits in front of you, as he/she works with your application, security in MS-Excel is weak to say the least. <img src=/S/bummer.gif border=0 alt=bummer width=15 height=15>

    I suggest you look into the following (with all due Respect for all Excel Users <img src=/S/heart.gif border=0 alt=heart width=15 height=15> Worldwide:

    1) Make the workbook an Add-In, this will limit access for about 60% of Excel Users. <img src=/S/doh.gif border=0 alt=doh width=15 height=15>

    2) The log in "Access" form could be more secure if you have some sort of a SQL stored procedure that would send info back if the user is allowed based on their log in password/User name combo. I have an example of that if you need a starting point. This will limit an additional 30% of Excel Users. <img src=/S/clever.gif border=0 alt=clever width=15 height=15>

    3) If you write code that has backdoors then you are already making it easier to get in. Write solid code that even you can't break in. Keep a copy of the workbook without all that code enabled, in case of as you put it <font color=red> flubbed up </font color=red> then all you do is enable the code and send it to the users again. This will limit access to an additional 5% of Excel Users. <img src=/S/crazy.gif border=0 alt=crazy width=15 height=15>

    That leaves us with 5% of Excel Users, who can break your code, well I suggest you don't post this work on any of the public lists we have out there <img src=/S/evilgrin.gif border=0 alt=evilgrin width=15 height=15> <img src=/S/crossfingers.gif border=0 alt=crossfingers width=17 height=16>.

    I hope I have scared you enough and made you rethink your strategy. This is my intention any way.

    Wassim
    <img src=/S/compute.gif border=0 alt=compute width=40 height=20> in the <img src=/S/bagged.gif border=0 alt=bagged width=22 height=22>

  3. #3
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Dallas plus 20 miles or so, Texas, USA
    Posts
    876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backdoor to VBA project (2000)

    Well, thanks for your thoughts Wassim,

    Actually, it did take me about 8 hours to break into my own code during the last little fuss I had with it.

    The persons using this are 100% incapable of breaking in...some of them cannot even follow the directions on the forms displayed. (no, not all restaurant managers exhibit this behavior!)

    I do however have some reporting which reports the date, time, and the attempted password to a log file for supervisor use.

    I think you are right though...thorough code that performs as expected should leave me with a backdoor - the password to the project!

    I guess I was thinking back to the "flubb up" made by ME when I somehow locked myself out of my own creation.

  4. #4
    3 Star Lounger
    Join Date
    Aug 2001
    Location
    Jeddah, Saudi Arabia
    Posts
    243
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Backdoor to VBA project (2000)

    Please excuse me if I've got the wrong idea about what you are trying to achieve.

    Why not just make the workbook password protected and lock the project for viewing using the built in protection in VBA?

    Regards,

    Kevin Bell

  5. #5
    Bronze Lounger
    Join Date
    Jun 2001
    Location
    New York, New York, Lebanon
    Posts
    1,449
    Thanks
    1
    Thanked 1 Time in 1 Post

    Re: Backdoor to VBA project (2000)

    Mike

    All one needs to do is disable Macros when the warning comes up and your code is toast. Sure they will not be able to work with your workbook, but that was never a requirement for hacking into one.

    OK lets try this, e-mail me [wassimnassif@hotmail.com] the secured workbook, put a remark some place in the workbook so that I can find it. If I break into the workbook and read the remark, then I'll e-mail you the remark and then you will know that I was able to break into it.

    I still suggest that you have one workbook with security and another copy for you without all that security, or protected with a simple password. BTW is this product commercially available, if so the buyer may require you to remove the security, and in some instances this is a legal request.

    Wassim
    <img src=/S/compute.gif border=0 alt=compute width=40 height=20> in the <img src=/S/bagged.gif border=0 alt=bagged width=22 height=22>

  6. #6
    Bronze Lounger
    Join Date
    Jun 2001
    Location
    New York, New York, Lebanon
    Posts
    1,449
    Thanks
    1
    Thanked 1 Time in 1 Post

    Re: Backdoor to VBA project (2000)

    BigKev

    <<< Why not just make the workbook password protected and lock the project for viewing using the built in protection in VBA? >>>

    Because we have so many neat ways in cracking the password, its not even funny anymore.

    In Excel there is little that one can do to really protect the workbook. Short of standing by while the workbook is being used, the security in Excel leaves a lot of open holes.

    Wassim
    <img src=/S/compute.gif border=0 alt=compute width=40 height=20> in the <img src=/S/bagged.gif border=0 alt=bagged width=22 height=22>

  7. #7
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Dallas plus 20 miles or so, Texas, USA
    Posts
    876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backdoor to VBA project (2000)

    I have no doubt you can break into it, however, in the environment in which it is being used, it doesn't really matter. All I am using the access form for essentially is to record who is doing what and when. After all a lock is to keep an honest person honest!

    I have since done the two workbook idea, one for myself and one with the security. When it locked me out before, the security was set and cancel key was disabled. Essentially I did what you suggested, disable the macros and then get into it.

    I don't think it will fit into your hotmail inbox, since they usually reject anything over 500k. It pulls information from three other text files in the same directory to put together the inventory price structure, number of managers at each store, and the labor matrix so I would have to send those as well. All in all, probably not much to be gained by sending it. This is strictly in- company, no commercial value except in the form of making a restaurant manager's job a little easier.

    Thanks for your help,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •