Results 1 to 6 of 6
  1. #1
    5 Star Lounger jujuraf's Avatar
    Join Date
    Jun 2001
    Location
    San Jose, California, USA
    Posts
    1,061
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Add-in Security (Excel 97/2000/2002)

    Up until now I've avoided using add-ins (for good reason in my case) but now my upper management wants to do only web-based tools instead of the Excel tools (which are heavily VBA modified) I've been writing for the last two years. In an attempt to avoid re-writing many 1000's of lines of VBA in Perl (and losing all the Excel benefits), I'm checking out my options. <img src=/S/crossfingers.gif border=0 alt=crossfingers width=17 height=16>

    Their concern is that some of the tools have proprietary data in them (it's well hidden but we all know Excel is far from secure). We have a legal disclosure and other checks to try and avoid users who may care to violate the agreement, but there's still no guarantee. <img src=/S/bummer.gif border=0 alt=bummer width=15 height=15>

    How about if I move our proprietary data to an add-in and then I'll have to provide both the .xls file and the .xla file in a setup program for the end user. How secure is this add-in from hacking? I'd just use it as a look up for data, no code (although I guess I can add code in it too, just that I've never done that before - new territory).

    Any good sites to learn all the nitty gritty details of developing add-ins (the pros and cons)? I have seen a book from O'Reilly Press on developing VB add-ins but don't know if it applies to Office.

    EDITED TO ADD link to an add-in decompiler which sort of answers my questions about security <img src=/S/bwaaah.gif border=0 alt=bwaaah width=123 height=15>
    http://www.straxx.com/excel/decompil...decompile.html

    Deb

  2. #2
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Add-in Security (Excel 97/2000/2002)

    Well, you've still got the choices of writing your Add-ins in C++ (XLL files - Bill Hooper's site has some interesting stuff on that). These will work from 97 on up.

    In terms of minimising migration, from 2K on up you could use COM Add-ins (VB6 style). There's also the possibility of VB .NET COM Add-Ins. Apparently, it is possible to migrate VBA to VB .NET, but it may be the case that Excel 2k will not perform with the .NET Framework.

    HTH
    Gre

  3. #3
    5 Star Lounger jujuraf's Avatar
    Join Date
    Jun 2001
    Location
    San Jose, California, USA
    Posts
    1,061
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Add-in Security (Excel 97/2000/2002)

    Thanks for the tips. I did quite a bit of C++ five years ago so I'm rusty but I'll look into XLL files as you suggested.

    So with the COM add-in I'd have to create a setup.exe file that contains this COM file and the Excel file (.xls), right? The setup.exe would register the COM as usual (replacing any existing one of the same name). Are these secure from reverse engineering?

    I also need the VB developer's suite (or whatever it's called), right? I have the MSDN pro subscription so can obtain it from that I assume.

    How much of my existing VBA can I put in these add-ins? All of it? It's mostly the proprietary data that I'd like to hide but if I can hide all my code that'd be cool too. I assume I call it from my code like any other reference (any .dll or ActiveX object), right?

    Thnx, Deb

  4. #4
    5 Star Lounger jujuraf's Avatar
    Join Date
    Jun 2001
    Location
    San Jose, California, USA
    Posts
    1,061
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Add-in Security (Excel 97/2000/2002)

    I read the link you provided and I'm confused.... He says that .xll files "use the old Excel4 macro language methods to control Excel" and if you use the newer style COM add-in, this only works with Excel 2002 and above. It seems that neither one of these will work 100% for me since using the .xll means I have to re-write my existing VBA in the old style language (which doesn't support all the VBA calls I use) and using COM means I lose my end users who do not have Excel 2002.

    Am I missing something here? <img src=/S/confused.gif border=0 alt=confused width=15 height=20>

    Also, he refers to the MS Excel 97 Developer's kit to create Add-ins. Will this work for users of Excel 2000/2002 as well?

    Thnx, Deb

  5. #5
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Add-in Security (Excel 97/2000/2002)

    XLLs will definitely run on Excel 2000. I am fairly sure that they will also run on Excel 2002 and 2003. If you don't have any other resource, I could resurrect/load a program which interfaces with Excel through an XLL and test for certain. Your comments make it clearer why you have not used them before - given your past posts about hiding Worksheets etc.

    There is a fair amount of detail provided on COM Add-ins in the Office 2000 Developer Version CD Samples folder. As this was part of Universal and not Pro MSDN, you may not, however, have this yourself. For Excel 2K, the resources to compile a Com Add-In are both on the Office 2000 Developer Version and in VB6.

    If you are certain that not all your clients will have fully migrated above Excel 97 by the time your shop rolls out its web-based solution, then XLLs appear to be your most likely route.
    Gre

  6. #6
    5 Star Lounger jujuraf's Avatar
    Join Date
    Jun 2001
    Location
    San Jose, California, USA
    Posts
    1,061
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Add-in Security (Excel 97/2000/2002)

    Great info! This is what I was looking for. <img src=/S/clapping.gif border=0 alt=clapping width=19 height=23> The past several years I had the MSDN Universal subscription so I do have the MS Office Developer's kit CD. (I downgraded to Pro last year since most of the programs provided I never used so I wanted to save my employer money.) I'll play around with it this week.

    You're right about me not using XLL add-ins in the past since I had to avoid creating setup.exe files as my users expect .xls files. Also, I can't expect them to manually load an add-in, the setup program will have to do this on its own. This will all have to change with this new directive I've received to make these tools more secure (or re-write completely as web-based which I'm trying to avoid because it'll take a very long time and I'll lose functionality).

    The users of my tools are world-wide and many from South America and Asia still run Excel 97 so that's why I try to keep everything working with three versions of Excel. Since I now know that XLLs are not much more secure than regular .xls files, I'll have to go with the newer COM add-ins which will not work with these older Excel users. Oh well, there's nothing I can do if security is new priority.

    Thanks again, <img src=/S/cheers.gif border=0 alt=cheers width=30 height=16>
    Deb

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •