Security Changes in Access 2003

[Guest]

We are in the process of migrating from Access XP to Access 2003. Due to the
security enhancements in 2003, some of the VBA objects commonly used in our
existing system are now considered as possible security issues in 2003.
These seem to include use of objects like "DoCmd" or the "Err" object...at
least as far as I've been able to figure out from documents on MSDN. I
wanted to see if anyone knows of some documentation that exists to provide
guidance for alternate procedures more acceptable for 2003.

Although we could lower the security settings (a last resort), and/or use
digital signing/certificates, I just want to find documentation that might
cover these kind of issues for programmers. Also, any recommended books
would be helpful as well.

Our front end is fairly extensive in scope, but I want to begin a
modification to bring the system in-line with current standards. (Note: I
did find some info that lists functions considered "unsafe" for use in 2003,
but am looking for more details on alternate recommended practices.) FYI,
the current system is an Access XP front end with a SQL Server 2000 back end.
The front end is an MDB, not an Access Project format.

I really appreciate any input you can provide. I haven't been able to
search out a few good comprehensive documents (or books) that cover the
matter.

THANKS VERY MUCH!!!

 

[TC]

Although we could lower the security settings (a last resort), and/or use
digital signing/certificates, I just want to find documentation that might
cover these kind of issues for programmers.

Or - find a way to suppress the new warnings /without/ lowering the
macro security level or rewriting any of your code?

If the PCs in question can run VBScript, you can easily suppress /all/
the new warnings, by starting the database via a small VBScript file
which uses the AutomationSecurity property to drop the security for
that *single run* of Access.

blah.VBS:

dim o
set o=createobject ("Access.Application")
o.automationsecurity=1 ' low.
o.opencurrentdatabase "full path to your database"
o.visible=true
o.usercontrol=true
set o=nothing

HTH,
TC (MVP Access)
http://tc2.atspace.com

 

[Guest]

TC:

Thanks for the info. I wasn't aware of I could do this. Currently, I have
a few machines in our office running 2003 and I have them manually clicking
past the security warnings. However, since our company was bought by
another, I eventually have to ask my corporate mommy if it'll be OK to run
the system using in a lowered security setting. Another complicating factor
is that we have users on the west coast and several in the United Kingdom
running the database front end via a Citrix server (Terminal Services).

If I could ask another question, I think I saw that the "Err" object is not
considered good practice from a security standpoint in 2003. Do you know of
an alternate object or function to use instead? Since I can remember, books
on Access and VBA programming always used "Err" via a GoTo statement for
handling errors in a VBA procedure, e.g.:

Sub procname
On Error GoTo ErrHandler

<< procedure code here>>

ExitProc:
End Sub
ErrHandler:
MsgBox Err.Description & " -- " & Err.Number 'Alternate object/func
here???
Resume ExitProc
End Sub

Thanks!!!