Excel & Security

[mich]

Group,

A user in my company recently presented me a cool "product
configuration" tool he'd created within Excel. He must have spent
hours/days/weeks creating it.
We are working in a Citrix environment, and I would like for the rest
of my users to use this configuration tool.

However, I would like to prevent my users from "running" off with the
tool. So I am trying to consider different ways of securing it.
Obviously I can make it read-only, so they'll need to enter a password
to be able to make changes.

Is there a way to lock it further down - like fx. putting a password
protection in place, that will either check a web application for
authentication, or expire after say 1 month?

I am aware that the tool should have not been done in Excel, but
rather some sort of DB application. This, however, is not the case.

Any hints would be much appreciated.

Mike

 

[Guest]

The general rule is Excel is neither a secure program nor securable.

How technically proficient are your users? By which I mean, can they do the
following:

1) Google "excel password cracker"
2) Install the macro code they find as a result of such a google search
3) Run the macro

Doubtless most people with the interest in stealing a workbook from its
creator can do the above three things.

Dave

 

[Dave Peterson]

There's nothing you can do to stop people from copying the file to a different
location (and take it home?).

You could give yourself a false sense of security by using macros to try to
disable workbook if it isn't opened in an approved location (from a network
drive???), but this kind of protection can be broken by anyone who wants to.

 

[mich]

The general rule is Excel is neither a secure program nor securable.

How technically proficient are your users? By which I mean, can they do the
following:

1) Google "excel password cracker"
2) Install the macro code they find as a result of such a google search
3) Run the macro

Haha.. I'm aware of this. Luckily my users are not able to do this -
and if they are; they are welcome to take the file.
I just want to do a "simple" first defense.

Mike

 

[mich]

There's nothing you can do to stop people from copying the file to a different
location (and take it home?).

You could give yourself a false sense of security by using macros to try to
disable workbook if it isn't opened in an approved location (from a network
drive???), but this kind of protection can be broken by anyone who wants to.

Thanks. I was not aware that this is possible via macros.
I'll give it a try.

Thanks.

Mike

 

[Dave Peterson]

My point was that even if you rely on some macro solution, then you're doomed to
failure. It'll only provide you with a false sense of security.

 

[mich]

My point was that even if you rely on some macro solution, then you're doomed to
failure. It'll only provide you with a false sense of security.

Yes. I understand - but it'll do fine for now - even though it is not
protected.

Mike

 

[Bill Ridgeway]

Firstly, there is no such thing as 100% security. What can be coded can be
decoded. Remember, during WW2, the Germans thought their codes could not be
cracked and, to make matters worse, couldn't accept evidence that their
codes were being cracked.



One way of securing information is to use a password manager. A1 Roboform
Pro and Keepass Password Safe received a good rating from PCPro recently. I
don't know how difficult they are to use or how efficient they are in
security.



Regards.


Bill Ridgeway
Computer Solutions