How to sign MS Access database

[Tõnu]

We transferred an Access application to Access 2003 and can not get rid of
the message "This file may not be safe if it contains code that was intended
to harm your computer ...". According to the article
http://office.microsoft.com/en-us/assistance/HA011071651033.aspx the message
should disappear if we sign the access file, however we can not find a way
how to do it. The closest we managed to find is an article about signing a
VBA project
(http://msdn.microsoft.com/library/d.../en-us/odeopg/html/deovrsigningvbaproject.asp).
When I try this on access -- open a module in VBA editor, I can not find
selection "Digital signatures" in the "Tools" menu ...

Two questions:
1. Did we get it right that the file (code or macros in the file?) must be
signed to get rid of this message?
2. How shall we proceed to get it signed (we have a MS Authenticode
signature from Thawte)?

Best regards,
Tonu

 

[Joan Wild]

Just go to Tools, Macro, Security and set it to low. You don't have to sign
it.

 

[Tõnu]

Just go to Tools, Macro, Security and set it to low. You don't have to

sign it.

This seems more like a workaround rather than a solution And I am not
sure if that is an option. First, the application is installed in many
client machines, so I shall be able to control them all. This can be
probably fixed by an installation script.

Secondly, if I have understood it correctly, setting the macro security to
"Low" will apply to the entire client environment, not to the particular
application. My client wont accept it, if I advice him to set macro security
low in (mostly) remote workstations that are occasionally connected to open
internet.

Is there any other options?

Best regards,

Tonu

 

[Joan Wild]

Have a look at
http://home.bendbroadband.com/conradsystems/accessjunkie/macrosecurity.html
for other possibilities.

 

[david epsom dot com dot au]

This seems more like a workaround rather than a solution

:~) Most people here think that a certificate is the workaround,
and that turning off this bizarre 'feature' is the solution.

Note that your MS Authenticode signature from Thawte is only
valid if the application is not changed. There are a couple
of common activities which automatically deactivate your
signature. You need to test your application to see if it
is still authenticated after it has run a couple of times.

Also, you can't sign A2000 databases. And you can't run
A2003 MDE's in A2000. So if any of your workstations still
have A2000, certificates are a dead end.

I have to say that all of my clients HAVE accepted this.

People are amazingly ignorant about security. They have
no idea that this 'security' feature is a waste of time,
but they are also perfectly happy to accept my advice about
it, and genuinely please that it makes their own database
systems usable again.

For your own peace of mind, it may help to realise that
there has never been a wild Access macro virus, and that
mdb's are blocked by current mail clients and internet
connections. If that remote workstation connected to
the open internet is up-to-date and correctly patched,
the user won't even be able to download and open an Access
database unless they have 'Administration' permissions.

Oddly enough, the same workstation will still be able
to download Excel spreadsheets and Word documents, both
of which notoriously have been vectors for virus transmission.
Neither of which require you to dance through a three
step process just to open the file.

(david)