Can a digital signature be used for only one Access database at a time
or can it be used for numerous Access databases provided they all come
from the same company?

If you are talking about code certificates, they can be used for more than a
single database, but they do need to be renewed each year. The new Office
2007 offers a way of avoiding the use of certificates or setting the
security level to low by creating trusted directories where all databases
placed withing the trusted folder do not require a certificate to avoid the
prompt. The only developers that I know that ever used code certificates
were those creating databases for retail sale.
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com

"JustinP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Can a digital signature be used for only one Access database at a time
> or can it be used for numerous Access databases provided they all come
> from the same company?
>

If you have the correct type of digital certificate, you can sign any VBA
project to which you have access. Makes no difference where it came from.

In my experience there are, however, many issues and anomalies with
certificates. I do not consider them to be good value for money.

--
Brendan Reynolds
Access MVP

"JustinP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Can a digital signature be used for only one Access database at a time
> or can it be used for numerous Access databases provided they all come
> from the same company?
>

Thanks for your advice. I am referring to digital certificates such as
those available from Verisign and Thawte. I am thinking of buying a two
year VBA developer code signing certificate from Thawte for US$400 for
the soul reason that i want everyone who opens my database to not have
to see the security warning on starting access (there are too many
users from different companies to configure each machine or request
that the user configure their security settings).

What are some of the issues you have encountered?


Brendan Reynolds wrote:

> If you have the correct type of digital certificate, you can sign any VBA
> project to which you have access. Makes no difference where it came from.
>
> In my experience there are, however, many issues and anomalies with
> certificates. I do not consider them to be good value for money.
>
> --
> Brendan Reynolds
> Access MVP
>
> "JustinP" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Can a digital signature be used for only one Access database at a time
> > or can it be used for numerous Access databases provided they all come
> > from the same company?
> >

On Dec 14, 10:40 am, "Arvin Meyer [MVP]" <a...@m.com> wrote:
> > Can a digital signature be used for only one Access database at a time
> > or can it be used for numerous Access databases provided they all come
> > from the same company?
>
> If you are talking about code certificates, they can be used for more than a
> single database, but they do need to be renewed each year.

Just to add a further point: you can get the certificate issuer's
webservice to 'countersign' the cerificate with a timestamp at the time
it was applied to the file, so that when the certificate expires a user
can stil have confidence in it because it was autenticated as correct
at the time of signing (e.g. you only have to renew the certificate
after making subsequent code changes).

See:

http://office.microsoft.com/en-us/he...565091033.aspx

Jamie.

--

So are you saying that if i change the code i have to renew the
certificate?


Jamie Collins wrote:

> On Dec 14, 10:40 am, "Arvin Meyer [MVP]" <a...@m.com> wrote:
> > > Can a digital signature be used for only one Access database at a time
> > > or can it be used for numerous Access databases provided they all come
> > > from the same company?
> >
> > If you are talking about code certificates, they can be used for more than a
> > single database, but they do need to be renewed each year.
>
> Just to add a further point: you can get the certificate issuer's
> webservice to 'countersign' the cerificate with a timestamp at the time
> it was applied to the file, so that when the certificate expires a user
> can stil have confidence in it because it was autenticated as correct
> at the time of signing (e.g. you only have to renew the certificate
> after making subsequent code changes).
>
> See:
>
> http://office.microsoft.com/en-us/he...565091033.aspx
>
> Jamie.
>
> --

JustinP wrote:
> So are you saying that if i change the code i have to renew the
> certificate?

No.

Contersigning means you don't have to reapply the certificate when it
expires if the code hasn't changed.

Jamie.

--

Merely signing the code will not prevent users from seeing the message the
first time they open your app. The users will still see the message until
and unless they choose to trust the certificate.

Some of the issues I have encountered include ...

I was able to sign code with a free e-mail-signing certificate and to choose
to trust that certificate, despite the fact that this type of certificate is
not intended for this purpose and is easily obtained by anyone - including
the bad guys.

Windows 2003 Server complains that it does not have sufficient information
to verify my valid, bought-and-paid-for code-signing certificate. (Windows
XP Pro SP2 has no problem with the same certificate).

An MDB created and signed in Access 2007 using Access 2000 or Access
2002/2003 format becomes unsigned when opened in Access 2003.

--
Brendan Reynolds
Access MVP


"JustinP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks for your advice. I am referring to digital certificates such as
> those available from Verisign and Thawte. I am thinking of buying a two
> year VBA developer code signing certificate from Thawte for US$400 for
> the soul reason that i want everyone who opens my database to not have
> to see the security warning on starting access (there are too many
> users from different companies to configure each machine or request
> that the user configure their security settings).
>
> What are some of the issues you have encountered?
>
>
> Brendan Reynolds wrote:
>
>> If you have the correct type of digital certificate, you can sign any VBA
>> project to which you have access. Makes no difference where it came from.
>>
>> In my experience there are, however, many issues and anomalies with
>> certificates. I do not consider them to be good value for money.
>>
>> --
>> Brendan Reynolds
>> Access MVP
>>
>> "JustinP" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > Can a digital signature be used for only one Access database at a time
>> > or can it be used for numerous Access databases provided they all come
>> > from the same company?
>> >
>

Oh, yes, I nearly forgot - support for code-signing has been dropped in
Access 2007. (You can create something called a signed package, but this is
not equivalent to code-signing. When the user opens the package on their PC,
the MDB/ACCDB extracted from that package is unsigned.)

--
Brendan Reynolds
Access MVP

"Brendan Reynolds" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Merely signing the code will not prevent users from seeing the message the
> first time they open your app. The users will still see the message until
> and unless they choose to trust the certificate.
>
> Some of the issues I have encountered include ...
>
> I was able to sign code with a free e-mail-signing certificate and to
> choose to trust that certificate, despite the fact that this type of
> certificate is not intended for this purpose and is easily obtained by
> anyone - including the bad guys.
>
> Windows 2003 Server complains that it does not have sufficient information
> to verify my valid, bought-and-paid-for code-signing certificate. (Windows
> XP Pro SP2 has no problem with the same certificate).
>
> An MDB created and signed in Access 2007 using Access 2000 or Access
> 2002/2003 format becomes unsigned when opened in Access 2003.
>
> --
> Brendan Reynolds
> Access MVP
>
>
> "JustinP" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Thanks for your advice. I am referring to digital certificates such as
>> those available from Verisign and Thawte. I am thinking of buying a two
>> year VBA developer code signing certificate from Thawte for US$400 for
>> the soul reason that i want everyone who opens my database to not have
>> to see the security warning on starting access (there are too many
>> users from different companies to configure each machine or request
>> that the user configure their security settings).
>>
>> What are some of the issues you have encountered?
>>
>>
>> Brendan Reynolds wrote:
>>
>>> If you have the correct type of digital certificate, you can sign any
>>> VBA
>>> project to which you have access. Makes no difference where it came
>>> from.
>>>
>>> In my experience there are, however, many issues and anomalies with
>>> certificates. I do not consider them to be good value for money.
>>>
>>> --
>>> Brendan Reynolds
>>> Access MVP
>>>
>>> "JustinP" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>> > Can a digital signature be used for only one Access database at a time
>>> > or can it be used for numerous Access databases provided they all
>>> > come
>>> > from the same company?
>>> >
>>
>
>

Ach, sorry, don't know where my head is at today. I should have said that
code-signing is still supported when using MDB format, just not when using
the new Access 2007 ACCDB format.

--
Brendan Reynolds
Access MVP


"Brendan Reynolds" <(E-Mail Removed)> wrote in message
news:e%(E-Mail Removed)...
> Oh, yes, I nearly forgot - support for code-signing has been dropped in
> Access 2007. (You can create something called a signed package, but this
> is not equivalent to code-signing. When the user opens the package on
> their PC, the MDB/ACCDB extracted from that package is unsigned.)
>
> --
> Brendan Reynolds
> Access MVP
>
> "Brendan Reynolds" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Merely signing the code will not prevent users from seeing the message
>> the first time they open your app. The users will still see the message
>> until and unless they choose to trust the certificate.
>>
>> Some of the issues I have encountered include ...
>>
>> I was able to sign code with a free e-mail-signing certificate and to
>> choose to trust that certificate, despite the fact that this type of
>> certificate is not intended for this purpose and is easily obtained by
>> anyone - including the bad guys.
>>
>> Windows 2003 Server complains that it does not have sufficient
>> information to verify my valid, bought-and-paid-for code-signing
>> certificate. (Windows XP Pro SP2 has no problem with the same
>> certificate).
>>
>> An MDB created and signed in Access 2007 using Access 2000 or Access
>> 2002/2003 format becomes unsigned when opened in Access 2003.
>>
>> --
>> Brendan Reynolds
>> Access MVP
>>
>>
>> "JustinP" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Thanks for your advice. I am referring to digital certificates such as
>>> those available from Verisign and Thawte. I am thinking of buying a two
>>> year VBA developer code signing certificate from Thawte for US$400 for
>>> the soul reason that i want everyone who opens my database to not have
>>> to see the security warning on starting access (there are too many
>>> users from different companies to configure each machine or request
>>> that the user configure their security settings).
>>>
>>> What are some of the issues you have encountered?
>>>
>>>
>>> Brendan Reynolds wrote:
>>>
>>>> If you have the correct type of digital certificate, you can sign any
>>>> VBA
>>>> project to which you have access. Makes no difference where it came
>>>> from.
>>>>
>>>> In my experience there are, however, many issues and anomalies with
>>>> certificates. I do not consider them to be good value for money.
>>>>
>>>> --
>>>> Brendan Reynolds
>>>> Access MVP
>>>>
>>>> "JustinP" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>> > Can a digital signature be used for only one Access database at a
>>>> > time
>>>> > or can it be used for numerous Access databases provided they all
>>>> > come
>>>> > from the same company?
>>>> >
>>>
>>
>>
>
>