Macro Warnings and certificates




I dont want to spend a few hundred dollars every year on a digital
certificate to authenticate my Access applications so there must be another

As the selfcert program only works on 1 machine I thought that if I could
allow each user to authenticate my apps through code in the app itself I
would not have to unlock the mde file in order to attach the certificate for
each installation.

Basically I want my users to click the authenticate button in their app
which will prompt to create a cert if one does not already exist and then
attach it to the app.

Anyone know how to attach a digital certificate in VBA (ACC 2003)?

Also if the app is using the runtime, what would need to be included in the
intstall package to allow a user (through my app) to -

a) generate a certificate
b) Attach the certificate to the project



Paul Overway

Rather that do what your envisioning, it would be better to just turn macro
security off...either for your app or all apps. If you're not going to sign
your app, there is no way to do what you propose short of shipping your
source code and having your users go through the process of signing the app
(if they have selfcert.exe)....which is not a user friendly process. Also,
there are no security advantages for the user in what you propose other than
the user would know if someone made changes to the app after they signed it.
The user would have to understand your source code or trust that it actually
came from you and that it isn't malicious....without a certificate. Hence,
no advantage.

You can turn macro security off through automation, if you aren't using
runtime. Otherwise, you can turn it off through the registry when you
install your app...but the registry change would apply to all apps and there
is a chance that someone could turn macro security on again.


Google this group for posts from me (TC) containing the word
"automationsecurity", for an easy way to disable the warnings.

My way works perfectly if your application is not secured, and the PC
lets you run scripts. It is harder, but not impossible, if your
application is secured (with Access user-level security).



Well there would be a definite advantage in allowing the user to authenticate
an application - i.e. it would be their decision to do so or not. And after
all, that is equivalent, in a way, to what we all do when we decide to
install (or not to install) a program on our systems.

Anyway, minor point. I can't believe that you can't automate this process!
Setting macro security to low is of course not an option - I could be sued if
somebody fired up a macros virus when I had recomended this setting across
all apps. Not a risk I would take with my customers.

I think I will have to leave the mde unlocked for the time being and do
things that way.

Thanks Wing

Think I need to explore this more

Paul Overway

The decision to trust your app or not is based on it being signed with a
certificate, which you indicate you do not want to purchase. With macro
security at medium or high, the user would never even see the form that you
are suggesting unless they first trust the unsigned app. So, no
better...and just as likely to be a vector for virus.


WingYip said:
What way is this anyway?

Google this group for posts from me (TC) containing the word

But that method is only for an unsecured app. It is difficult, but not
impossible, for a secured one. And it will not work with the
runtime-only version of Acess.


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question