Welcome to SPN

Register and Join the most happening forum of Sikh community & intellectuals from around the world.

Sign Up Now!

Self-Signing an Access 2000 mde does not work

Discussion in 'Information Technology' started by rdemyan via AccessMonster.com, Jul 28, 2006.

  1. rdemyan via AccessMonster.com

    Guest

    I have an Access database that has A2K format. I recently installed A2003.
    I created a digital certificate and self-signed the code in A2003 (however,
    format is A2K). I then opened up A2K and created a .mde file from the mdb
    file that was just self-signed.

    Now I cannot open the .mde file in A2003. It tells me that "The code or
    macros in this file do not match the digital signature......." It won't
    allow the file to be opened.

    Strangely, the .mdb file can't be opened either in A2003 and I'm getting the
    same error message. Fortunately, I can just change the macro security
    setting to Low and then resign the code and that works. But my company will
    not allow Access to run at anything other than Medium security.

    I guess the act of creating the .mde file caused a change and now A2003 will
    not open the file if the Security is anything other than Low.

    So is there any workaround or is this the end of the road for my A2K mde?
    Is this a problem with an A2003 mde. I certainly hope not!!!?

    --
    Message posted via AccessMonster.com
    http://www.accessmonster.com/Uwe/Forums.aspx/access/200606/1
     
  2. Loading...


  3. '69 Camaro

    '69 Camaro
    Expand Collapse
    Guest

    Hi.

    > I then opened up A2K and created a .mde file from the mdb
    > file that was just self-signed.
    >
    > Now I cannot open the .mde file in A2003.


    Of course not. The new MDE file is a different file from the MDB file that
    you signed. Good thing you didn't do this to the file before the service
    pack was installed. You would have corrupted the file beyond repair by
    opening it in Access 2000 after it had been digitally signed, because Access
    2000 database format doesn't support digital signatures.

    > Strangely, the .mdb file can't be opened either in A2003 and I'm getting
    > the
    > same error message.


    It's not strange at all. It's by design. You invalidated the digital
    signature by opening the file in Access 2000 and running the MDE conversion
    utility. To explain, you opened the MDB file in Access 2000, which doesn't
    support digital signatures, so slight changes were made to the file in order
    to successfully create the MDE file, making it "altered" from the original.
    If a signed file has been altered, then the digital signature becomes
    invalid. That's what digital signatures are for.

    > So is there any workaround


    No. Access 2003 is the first version of Access that supports digital
    signatures. Don't try to put a digital signature on files from earlier
    database formats, because they don't support digital signatures and aren't
    going to be retrofitted to do so in the future.

    > is this the end of the road for my A2K mde?


    Of course not. Access 2000 MDE's will run just fine in Access 2000, Access
    2002, and Access 2003 (when Access 2003's Macro Security is set to low).

    > Is this a problem with an A2003 mde.


    No. Access 2003 database format files are designed to work with digital
    signatures. Why would you think that failure in applying a digital
    signature to a database format file that doesn't support digital signatures
    should yield the same result for a database format that does support digital
    signatures?

    HTH.
    Gunny

    See http://www.QBuilt.com for all your database needs.
    See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    info.


    "rdemyan via AccessMonster.com" <u6836@uwe> wrote in message
    news:6208d739bc961@uwe...
    >I have an Access database that has A2K format. I recently installed A2003.
    > I created a digital certificate and self-signed the code in A2003
    > (however,
    > format is A2K). I then opened up A2K and created a .mde file from the mdb
    > file that was just self-signed.
    >
    > Now I cannot open the .mde file in A2003. It tells me that "The code or
    > macros in this file do not match the digital signature......." It won't
    > allow the file to be opened.
    >
    > Strangely, the .mdb file can't be opened either in A2003 and I'm getting
    > the
    > same error message. Fortunately, I can just change the macro security
    > setting to Low and then resign the code and that works. But my company
    > will
    > not allow Access to run at anything other than Medium security.
    >
    > I guess the act of creating the .mde file caused a change and now A2003
    > will
    > not open the file if the Security is anything other than Low.
    >
    > So is there any workaround or is this the end of the road for my A2K mde?
    > Is this a problem with an A2003 mde. I certainly hope not!!!?
    >
    > --
    > Message posted via AccessMonster.com
    > http://www.accessmonster.com/Uwe/Forums.aspx/access/200606/1
     
  4. rdemyan via AccessMonster.com

    Guest

    Thanks, Gunny:

    I guess this means that I'll need to convert to A2003 format if I want to
    create a .mde file that can use digital signatures.

    Speaking of that, the "company" that I work with has taken control of the
    computers. No one has adminstration rights on their computers, executables
    cannot be installed and zip files won't make it through the e-mail system.
    I'm wondering about getting a digital certificate from Verisign or Thawte. I
    don't even know if I'll be able to install it on their computers, and I'd
    prefer not to blow a few hundred bucks.

    Could I test this out by trying to import a self certificate authority. I
    tried this with one of my own computers and the import said it worked fine,
    but I couldn't find the CA anywhere for use. I probably don't know what I'm
    doing.

    More insight is greatly appreciated.

    Thanks.

    '69 Camaro wrote:
    >Hi.
    >
    >> I then opened up A2K and created a .mde file from the mdb
    >> file that was just self-signed.
    >>
    >> Now I cannot open the .mde file in A2003.

    >
    >Of course not. The new MDE file is a different file from the MDB file that
    >you signed. Good thing you didn't do this to the file before the service
    >pack was installed. You would have corrupted the file beyond repair by
    >opening it in Access 2000 after it had been digitally signed, because Access
    >2000 database format doesn't support digital signatures.
    >
    >> Strangely, the .mdb file can't be opened either in A2003 and I'm getting
    >> the
    >> same error message.

    >
    >It's not strange at all. It's by design. You invalidated the digital
    >signature by opening the file in Access 2000 and running the MDE conversion
    >utility. To explain, you opened the MDB file in Access 2000, which doesn't
    >support digital signatures, so slight changes were made to the file in order
    >to successfully create the MDE file, making it "altered" from the original.
    >If a signed file has been altered, then the digital signature becomes
    >invalid. That's what digital signatures are for.
    >
    >> So is there any workaround

    >
    >No. Access 2003 is the first version of Access that supports digital
    >signatures. Don't try to put a digital signature on files from earlier
    >database formats, because they don't support digital signatures and aren't
    >going to be retrofitted to do so in the future.
    >
    >> is this the end of the road for my A2K mde?

    >
    >Of course not. Access 2000 MDE's will run just fine in Access 2000, Access
    >2002, and Access 2003 (when Access 2003's Macro Security is set to low).
    >
    >> Is this a problem with an A2003 mde.

    >
    >No. Access 2003 database format files are designed to work with digital
    >signatures. Why would you think that failure in applying a digital
    >signature to a database format file that doesn't support digital signatures
    >should yield the same result for a database format that does support digital
    >signatures?
    >
    >HTH.
    >Gunny
    >
    >See http://www.QBuilt.com for all your database needs.
    >See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >info.
    >
    >>I have an Access database that has A2K format. I recently installed A2003.
    >> I created a digital certificate and self-signed the code in A2003

    >[quoted text clipped - 19 lines]
    >> So is there any workaround or is this the end of the road for my A2K mde?
    >> Is this a problem with an A2003 mde. I certainly hope not!!!?


    --
    Message posted via AccessMonster.com
    http://www.accessmonster.com/Uwe/Forums.aspx/access/200606/1
     
  5. '69 Camaro

    '69 Camaro
    Expand Collapse
    Guest

    Hi.

    > I guess this means that I'll need to convert to A2003 format if I want to
    > create a .mde file that can use digital signatures.


    Yes.

    > No one has adminstration rights on their computers, executables
    > cannot be installed and zip files won't make it through the e-mail system.


    They've been hit hard with Windows security problems and irresponsible users
    that they found out cost them dearly. Send only zipped files that have been
    virus-checked and renamed to a different file extension that isn't blocked,
    such as .Nut.

    > I'm wondering about getting a digital certificate from Verisign or Thawte.
    > I
    > don't even know if I'll be able to install it on their computers, and I'd
    > prefer not to blow a few hundred bucks.


    You probably won't be able to install the certificates on their computers
    without their cooperation, i.e., one of their IT guys logging into each
    computer as the Administrator to install the digital certificate.

    > Could I test this out by trying to import a self certificate authority.


    Yes. A SelfCert digital certificate will work for medium level Macro
    Security, but not for high.

    > I
    > tried this with one of my own computers and the import said it worked
    > fine,
    > but I couldn't find the CA anywhere for use. I probably don't know what
    > I'm
    > doing.


    This article for installing a SelfCert digital certificate on multiple
    computers for Word documents may give you some clues:

    http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

    HTH.
    Gunny

    See http://www.QBuilt.com for all your database needs.
    See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    info.


    "rdemyan via AccessMonster.com" <u6836@uwe> wrote in message
    news:620a7d30f8044@uwe...
    > Thanks, Gunny:
    >
    > I guess this means that I'll need to convert to A2003 format if I want to
    > create a .mde file that can use digital signatures.
    >
    > Speaking of that, the "company" that I work with has taken control of the
    > computers. No one has adminstration rights on their computers,
    > executables
    > cannot be installed and zip files won't make it through the e-mail system.
    > I'm wondering about getting a digital certificate from Verisign or Thawte.
    > I
    > don't even know if I'll be able to install it on their computers, and I'd
    > prefer not to blow a few hundred bucks.
    >
    > Could I test this out by trying to import a self certificate authority. I
    > tried this with one of my own computers and the import said it worked
    > fine,
    > but I couldn't find the CA anywhere for use. I probably don't know what
    > I'm
    > doing.
    >
    > More insight is greatly appreciated.
    >
    > Thanks.
    >
    > '69 Camaro wrote:
    >>Hi.
    >>
    >>> I then opened up A2K and created a .mde file from the mdb
    >>> file that was just self-signed.
    >>>
    >>> Now I cannot open the .mde file in A2003.

    >>
    >>Of course not. The new MDE file is a different file from the MDB file
    >>that
    >>you signed. Good thing you didn't do this to the file before the service
    >>pack was installed. You would have corrupted the file beyond repair by
    >>opening it in Access 2000 after it had been digitally signed, because
    >>Access
    >>2000 database format doesn't support digital signatures.
    >>
    >>> Strangely, the .mdb file can't be opened either in A2003 and I'm getting
    >>> the
    >>> same error message.

    >>
    >>It's not strange at all. It's by design. You invalidated the digital
    >>signature by opening the file in Access 2000 and running the MDE
    >>conversion
    >>utility. To explain, you opened the MDB file in Access 2000, which
    >>doesn't
    >>support digital signatures, so slight changes were made to the file in
    >>order
    >>to successfully create the MDE file, making it "altered" from the
    >>original.
    >>If a signed file has been altered, then the digital signature becomes
    >>invalid. That's what digital signatures are for.
    >>
    >>> So is there any workaround

    >>
    >>No. Access 2003 is the first version of Access that supports digital
    >>signatures. Don't try to put a digital signature on files from earlier
    >>database formats, because they don't support digital signatures and aren't
    >>going to be retrofitted to do so in the future.
    >>
    >>> is this the end of the road for my A2K mde?

    >>
    >>Of course not. Access 2000 MDE's will run just fine in Access 2000,
    >>Access
    >>2002, and Access 2003 (when Access 2003's Macro Security is set to low).
    >>
    >>> Is this a problem with an A2003 mde.

    >>
    >>No. Access 2003 database format files are designed to work with digital
    >>signatures. Why would you think that failure in applying a digital
    >>signature to a database format file that doesn't support digital
    >>signatures
    >>should yield the same result for a database format that does support
    >>digital
    >>signatures?
    >>
    >>HTH.
    >>Gunny
    >>
    >>See http://www.QBuilt.com for all your database needs.
    >>See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >>http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >>info.
    >>
    >>>I have an Access database that has A2K format. I recently installed
    >>>A2003.
    >>> I created a digital certificate and self-signed the code in A2003

    >>[quoted text clipped - 19 lines]
    >>> So is there any workaround or is this the end of the road for my A2K
    >>> mde?
    >>> Is this a problem with an A2003 mde. I certainly hope not!!!?

    >
    > --
    > Message posted via AccessMonster.com
    > http://www.accessmonster.com/Uwe/Forums.aspx/access/200606/1
     
  6. '69 Camaro

    '69 Camaro
    Expand Collapse
    Guest

    Hi.

    > I guess this means that I'll need to convert to A2003 format if I want to
    > create a .mde file that can use digital signatures.


    Yes.

    > No one has adminstration rights on their computers, executables
    > cannot be installed and zip files won't make it through the e-mail system.


    It means that they've been hit hard with Windows security problems and
    irresponsible users, and found out it cost them dearly. Send only zipped
    files that have been virus-checked and the file name extension changed to
    one that isn't blocked, such as .Nut.

    > I'm wondering about getting a digital certificate from Verisign or Thawte.
    > I
    > don't even know if I'll be able to install it on their computers, and I'd
    > prefer not to blow a few hundred bucks.


    It's unlikely that you'll be able to install the certificates without the
    cooperation of their IT department, i.e., one of their IT guys logging into
    each computer and installing the certificate for you.

    > Could I test this out by trying to import a self certificate authority.


    Yes. However, SelfCert digital certificates will only work for medium level
    Macro Security, not high level.

    > I
    > tried this with one of my own computers and the import said it worked
    > fine,
    > but I couldn't find the CA anywhere for use. I probably don't know what
    > I'm
    > doing.


    Perhaps the following article for installing a SelfCert digital certificate
    on multiple computers for Word documents will give you some clues:

    http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194

    HTH.
    Gunny

    See http://www.QBuilt.com for all your database needs.
    See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    info.


    "rdemyan via AccessMonster.com" <u6836@uwe> wrote in message
    news:620a7d30f8044@uwe...
    > Thanks, Gunny:
    >
    > I guess this means that I'll need to convert to A2003 format if I want to
    > create a .mde file that can use digital signatures.
    >
    > Speaking of that, the "company" that I work with has taken control of the
    > computers. No one has adminstration rights on their computers,
    > executables
    > cannot be installed and zip files won't make it through the e-mail system.
    > I'm wondering about getting a digital certificate from Verisign or Thawte.
    > I
    > don't even know if I'll be able to install it on their computers, and I'd
    > prefer not to blow a few hundred bucks.
    >
    > Could I test this out by trying to import a self certificate authority. I
    > tried this with one of my own computers and the import said it worked
    > fine,
    > but I couldn't find the CA anywhere for use. I probably don't know what
    > I'm
    > doing.
    >
    > More insight is greatly appreciated.
    >
    > Thanks.
    >
    > '69 Camaro wrote:
    >>Hi.
    >>
    >>> I then opened up A2K and created a .mde file from the mdb
    >>> file that was just self-signed.
    >>>
    >>> Now I cannot open the .mde file in A2003.

    >>
    >>Of course not. The new MDE file is a different file from the MDB file
    >>that
    >>you signed. Good thing you didn't do this to the file before the service
    >>pack was installed. You would have corrupted the file beyond repair by
    >>opening it in Access 2000 after it had been digitally signed, because
    >>Access
    >>2000 database format doesn't support digital signatures.
    >>
    >>> Strangely, the .mdb file can't be opened either in A2003 and I'm getting
    >>> the
    >>> same error message.

    >>
    >>It's not strange at all. It's by design. You invalidated the digital
    >>signature by opening the file in Access 2000 and running the MDE
    >>conversion
    >>utility. To explain, you opened the MDB file in Access 2000, which
    >>doesn't
    >>support digital signatures, so slight changes were made to the file in
    >>order
    >>to successfully create the MDE file, making it "altered" from the
    >>original.
    >>If a signed file has been altered, then the digital signature becomes
    >>invalid. That's what digital signatures are for.
    >>
    >>> So is there any workaround

    >>
    >>No. Access 2003 is the first version of Access that supports digital
    >>signatures. Don't try to put a digital signature on files from earlier
    >>database formats, because they don't support digital signatures and aren't
    >>going to be retrofitted to do so in the future.
    >>
    >>> is this the end of the road for my A2K mde?

    >>
    >>Of course not. Access 2000 MDE's will run just fine in Access 2000,
    >>Access
    >>2002, and Access 2003 (when Access 2003's Macro Security is set to low).
    >>
    >>> Is this a problem with an A2003 mde.

    >>
    >>No. Access 2003 database format files are designed to work with digital
    >>signatures. Why would you think that failure in applying a digital
    >>signature to a database format file that doesn't support digital
    >>signatures
    >>should yield the same result for a database format that does support
    >>digital
    >>signatures?
    >>
    >>HTH.
    >>Gunny
    >>
    >>See http://www.QBuilt.com for all your database needs.
    >>See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >>http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >>info.
    >>
    >>>I have an Access database that has A2K format. I recently installed
    >>>A2003.
    >>> I created a digital certificate and self-signed the code in A2003

    >>[quoted text clipped - 19 lines]
    >>> So is there any workaround or is this the end of the road for my A2K
    >>> mde?
    >>> Is this a problem with an A2003 mde. I certainly hope not!!!?

    >
    > --
    > Message posted via AccessMonster.com
    > http://www.accessmonster.com/Uwe/Forums.aspx/access/200606/1
     
  7. rdemyan via AccessMonster.com

    Guest

    Well, I'm at the clients and it looks like I was able to successfully install
    a self-signed digital certificate (code was signed on my laptop) on one of
    their machines. However, one of the two messages is still coming up.

    The first message: "Security Warning: Unsafe expressions are not blocked. ....
    ....."
    This message still appears.

    The second message: ".....This file may not be safe if it contains code that
    is intended to harm your computer...."
    This message is now gone.

    I'm unclear on why the first message didn't disappear as well after the self-
    signed certificate was installed.

    Macro security is set to medium.

    Thanks.

    '69 Camaro wrote:
    >Hi.
    >
    >> I guess this means that I'll need to convert to A2003 format if I want to
    >> create a .mde file that can use digital signatures.

    >
    >Yes.
    >
    >> No one has adminstration rights on their computers, executables
    >> cannot be installed and zip files won't make it through the e-mail system.

    >
    >It means that they've been hit hard with Windows security problems and
    >irresponsible users, and found out it cost them dearly. Send only zipped
    >files that have been virus-checked and the file name extension changed to
    >one that isn't blocked, such as .Nut.
    >
    >> I'm wondering about getting a digital certificate from Verisign or Thawte.
    >> I
    >> don't even know if I'll be able to install it on their computers, and I'd
    >> prefer not to blow a few hundred bucks.

    >
    >It's unlikely that you'll be able to install the certificates without the
    >cooperation of their IT department, i.e., one of their IT guys logging into
    >each computer and installing the certificate for you.
    >
    >> Could I test this out by trying to import a self certificate authority.

    >
    >Yes. However, SelfCert digital certificates will only work for medium level
    >Macro Security, not high level.
    >
    >> I
    >> tried this with one of my own computers and the import said it worked
    >> fine,
    >> but I couldn't find the CA anywhere for use. I probably don't know what
    >> I'm
    >> doing.

    >
    >Perhaps the following article for installing a SelfCert digital certificate
    >on multiple computers for Word documents will give you some clues:
    >
    >http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194
    >
    >HTH.
    >Gunny
    >
    >See http://www.QBuilt.com for all your database needs.
    >See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >info.
    >
    >> Thanks, Gunny:
    >>

    >[quoted text clipped - 90 lines]
    >>>> mde?
    >>>> Is this a problem with an A2003 mde. I certainly hope not!!!?


    --
    Message posted via AccessMonster.com
    http://www.accessmonster.com/Uwe/Forums.aspx/access/200606/1
     
  8. '69 Camaro

    '69 Camaro
    Expand Collapse
    Guest

    Hi.


    > The first message: "Security Warning: Unsafe expressions are not blocked.
    > ....
    > ...."
    > This message still appears.


    It's a separate issue which has been enabled with Jet 4.0 SP-8. Press the
    "Yes" button. This should make a change in the Windows Registry, and you
    shouldn't see this prompt again on that computer, no matter which user is
    logged in. If you do, then it means that either this user doesn't have
    sufficient permissions to make this Registry change and an Administrator
    needs to log on to make the change, or it means that group policy is
    rewriting your setting, and there's nothing you can do about it except try
    to reason with management to get them to leave it alone.

    > I'm unclear on why the first message didn't disappear as well after the
    > self-
    > signed certificate was installed.


    Setting the Macro Security level higher than low enables the user to choose
    whether or not expressions are blocked by Jet. Until they're blocked, the
    user will be prompted every time he opens a database, so most people choose
    to have expressions blocked to get rid of this annoying prompt. When the
    Macro Security level is later reduced to low, the user is prompted about
    whether or not he wants to now allow the evaluation of potentially unsafe
    expressions. Press the "Yes" button when this prompt comes up, and you
    shouldn't be bothered by any more prompts unless a problem I've listed above
    occurs, in which case, you know what to do.

    HTH.
    Gunny

    See http://www.QBuilt.com for all your database needs.
    See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    info.


    "rdemyan via AccessMonster.com" <u6836@uwe> wrote in message
    news:6212c9b2427da@uwe...
    > Well, I'm at the clients and it looks like I was able to successfully
    > install
    > a self-signed digital certificate (code was signed on my laptop) on one of
    > their machines. However, one of the two messages is still coming up.
    >
    > The first message: "Security Warning: Unsafe expressions are not blocked.
    > ....
    > ...."
    > This message still appears.
    >
    > The second message: ".....This file may not be safe if it contains code
    > that
    > is intended to harm your computer...."
    > This message is now gone.
    >
    > I'm unclear on why the first message didn't disappear as well after the
    > self-
    > signed certificate was installed.
    >
    > Macro security is set to medium.
    >
    > Thanks.
    >
    > '69 Camaro wrote:
    >>Hi.
    >>
    >>> I guess this means that I'll need to convert to A2003 format if I want
    >>> to
    >>> create a .mde file that can use digital signatures.

    >>
    >>Yes.
    >>
    >>> No one has adminstration rights on their computers, executables
    >>> cannot be installed and zip files won't make it through the e-mail
    >>> system.

    >>
    >>It means that they've been hit hard with Windows security problems and
    >>irresponsible users, and found out it cost them dearly. Send only zipped
    >>files that have been virus-checked and the file name extension changed to
    >>one that isn't blocked, such as .Nut.
    >>
    >>> I'm wondering about getting a digital certificate from Verisign or
    >>> Thawte.
    >>> I
    >>> don't even know if I'll be able to install it on their computers, and
    >>> I'd
    >>> prefer not to blow a few hundred bucks.

    >>
    >>It's unlikely that you'll be able to install the certificates without the
    >>cooperation of their IT department, i.e., one of their IT guys logging
    >>into
    >>each computer and installing the certificate for you.
    >>
    >>> Could I test this out by trying to import a self certificate authority.

    >>
    >>Yes. However, SelfCert digital certificates will only work for medium
    >>level
    >>Macro Security, not high level.
    >>
    >>> I
    >>> tried this with one of my own computers and the import said it worked
    >>> fine,
    >>> but I couldn't find the CA anywhere for use. I probably don't know what
    >>> I'm
    >>> doing.

    >>
    >>Perhaps the following article for installing a SelfCert digital
    >>certificate
    >>on multiple computers for Word documents will give you some clues:
    >>
    >>http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194
    >>
    >>HTH.
    >>Gunny
    >>
    >>See http://www.QBuilt.com for all your database needs.
    >>See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >>http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >>info.
    >>
    >>> Thanks, Gunny:
    >>>

    >>[quoted text clipped - 90 lines]
    >>>>> mde?
    >>>>> Is this a problem with an A2003 mde. I certainly hope not!!!?

    >
    > --
    > Message posted via AccessMonster.com
    > http://www.accessmonster.com/Uwe/Forums.aspx/access/200606/1
     
  9. '69 Camaro

    '69 Camaro
    Expand Collapse
    Guest

    Oh, yeah. I forgot to mention that the user might voluntarily choose to
    block potentially unsafe expressions again if he gets the prompt when he's
    not running your digitally signed database file, in order to get rid of
    these annoying prompts. He can't win.

    HTH.
    Gunny

    See http://www.QBuilt.com for all your database needs.
    See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    info.


    "'69 Camaro" <ForwardZERO_SPAM.To.69Camaro@Spameater.orgZERO_SPAM> wrote in
    message news:uBvuMqLlGHA.4080@TK2MSFTNGP03.phx.gbl...
    > Hi.
    >
    >> The first message: "Security Warning: Unsafe expressions are not blocked.
    >> ....
    >> ...."
    >> This message still appears.

    >
    > It's a separate issue which has been enabled with Jet 4.0 SP-8. Press the
    > "Yes" button. This should make a change in the Windows Registry, and you
    > shouldn't see this prompt again on that computer, no matter which user is
    > logged in. If you do, then it means that either this user doesn't have
    > sufficient permissions to make this Registry change and an Administrator
    > needs to log on to make the change, or it means that group policy is
    > rewriting your setting, and there's nothing you can do about it except try
    > to reason with management to get them to leave it alone.
    >
    >> I'm unclear on why the first message didn't disappear as well after the
    >> self-
    >> signed certificate was installed.

    >
    > Setting the Macro Security level higher than low enables the user to
    > choose whether or not expressions are blocked by Jet. Until they're
    > blocked, the user will be prompted every time he opens a database, so most
    > people choose to have expressions blocked to get rid of this annoying
    > prompt. When the Macro Security level is later reduced to low, the user
    > is prompted about whether or not he wants to now allow the evaluation of
    > potentially unsafe expressions. Press the "Yes" button when this prompt
    > comes up, and you shouldn't be bothered by any more prompts unless a
    > problem I've listed above occurs, in which case, you know what to do.
    >
    > HTH.
    > Gunny
    >
    > See http://www.QBuilt.com for all your database needs.
    > See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    > http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    > info.
    >
    >
    > "rdemyan via AccessMonster.com" <u6836@uwe> wrote in message
    > news:6212c9b2427da@uwe...
    >> Well, I'm at the clients and it looks like I was able to successfully
    >> install
    >> a self-signed digital certificate (code was signed on my laptop) on one
    >> of
    >> their machines. However, one of the two messages is still coming up.
    >>
    >> The first message: "Security Warning: Unsafe expressions are not blocked.
    >> ....
    >> ...."
    >> This message still appears.
    >>
    >> The second message: ".....This file may not be safe if it contains code
    >> that
    >> is intended to harm your computer...."
    >> This message is now gone.
    >>
    >> I'm unclear on why the first message didn't disappear as well after the
    >> self-
    >> signed certificate was installed.
    >>
    >> Macro security is set to medium.
    >>
    >> Thanks.
    >>
    >> '69 Camaro wrote:
    >>>Hi.
    >>>
    >>>> I guess this means that I'll need to convert to A2003 format if I want
    >>>> to
    >>>> create a .mde file that can use digital signatures.
    >>>
    >>>Yes.
    >>>
    >>>> No one has adminstration rights on their computers, executables
    >>>> cannot be installed and zip files won't make it through the e-mail
    >>>> system.
    >>>
    >>>It means that they've been hit hard with Windows security problems and
    >>>irresponsible users, and found out it cost them dearly. Send only zipped
    >>>files that have been virus-checked and the file name extension changed to
    >>>one that isn't blocked, such as .Nut.
    >>>
    >>>> I'm wondering about getting a digital certificate from Verisign or
    >>>> Thawte.
    >>>> I
    >>>> don't even know if I'll be able to install it on their computers, and
    >>>> I'd
    >>>> prefer not to blow a few hundred bucks.
    >>>
    >>>It's unlikely that you'll be able to install the certificates without the
    >>>cooperation of their IT department, i.e., one of their IT guys logging
    >>>into
    >>>each computer and installing the certificate for you.
    >>>
    >>>> Could I test this out by trying to import a self certificate authority.
    >>>
    >>>Yes. However, SelfCert digital certificates will only work for medium
    >>>level
    >>>Macro Security, not high level.
    >>>
    >>>> I
    >>>> tried this with one of my own computers and the import said it worked
    >>>> fine,
    >>>> but I couldn't find the CA anywhere for use. I probably don't know
    >>>> what
    >>>> I'm
    >>>> doing.
    >>>
    >>>Perhaps the following article for installing a SelfCert digital
    >>>certificate
    >>>on multiple computers for Word documents will give you some clues:
    >>>
    >>>http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194
    >>>
    >>>HTH.
    >>>Gunny
    >>>
    >>>See http://www.QBuilt.com for all your database needs.
    >>>See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >>>http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >>>info.
    >>>
    >>>> Thanks, Gunny:
    >>>>
    >>>[quoted text clipped - 90 lines]
    >>>>>> mde?
    >>>>>> Is this a problem with an A2003 mde. I certainly hope not!!!?

    >>
    >> --
    >> Message posted via AccessMonster.com
    >> http://www.accessmonster.com/Uwe/Forums.aspx/access/200606/1

    >
    >
     
  10. rdemyan via AccessMonster.com

    Guest

    If I self-sign my app, then every time there is an update, the user will have
    to go through the whole deal of getting the self-signature to work.

    What happens if I get a certificate through a valid third-party (Verisign,
    etc), when I send out an update to my app. Also, if the certificate expires,
    then I suppose that users will have a message pop up every time they open the
    app, just like one does on internet websites where a certificate has expired.

    Thanks.

    '69 Camaro wrote:
    >Oh, yeah. I forgot to mention that the user might voluntarily choose to
    >block potentially unsafe expressions again if he gets the prompt when he's
    >not running your digitally signed database file, in order to get rid of
    >these annoying prompts. He can't win.
    >
    >HTH.
    >Gunny
    >
    >See http://www.QBuilt.com for all your database needs.
    >See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >info.
    >
    >> Hi.
    >>

    >[quoted text clipped - 120 lines]
    >>>>>>> mde?
    >>>>>>> Is this a problem with an A2003 mde. I certainly hope not!!!?


    --
    Message posted via AccessMonster.com
    http://www.accessmonster.com/Uwe/Forums.aspx/access/200607/1
     
  11. '69 Camaro

    '69 Camaro
    Expand Collapse
    Guest

    Hi.

    > If I self-sign my app, then every time there is an update, the user will
    > have
    > to go through the whole deal of getting the self-signature to work.


    Unless you're creating a whole new SelfCert digital certificate for each new
    version of your application, then signing any Access 2003 database
    application file with your specific digital signature will be accepted on
    any computer with Access 2003 installed that has that digital signature as
    "trusted" and the Macro Security set to Low or Medium.

    > What happens if I get a certificate through a valid third-party (Verisign,
    > etc), when I send out an update to my app.


    As long as the user has "trusted" that digital signature, the user can open
    the database file in Access 2003 without the warning prompt.

    > Also, if the certificate expires,
    > then I suppose that users will have a message pop up every time they open
    > the
    > app, just like one does on internet websites where a certificate has
    > expired.


    How else is Verisign going to get repeat customers? ;-)

    Actually, I don't think the user will get the same pop-up message advising
    that the digital certificate has expired. I think the user will see the
    same messages that are shown when an Access database file hasn't been
    digitally signed when the Macro Security level is set to Medium or High. In
    other words, there's no valid digital signature on the file, so the user is
    warned when opening the file when the Macro Security level is not set to
    Low.

    HTH.
    Gunny

    See http://www.QBuilt.com for all your database needs.
    See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    info.


    "rdemyan via AccessMonster.com" <u6836@uwe> wrote in message
    news:62b9819346b96@uwe...
    > If I self-sign my app, then every time there is an update, the user will
    > have
    > to go through the whole deal of getting the self-signature to work.
    >
    > What happens if I get a certificate through a valid third-party (Verisign,
    > etc), when I send out an update to my app. Also, if the certificate
    > expires,
    > then I suppose that users will have a message pop up every time they open
    > the
    > app, just like one does on internet websites where a certificate has
    > expired.
    >
    > Thanks.
    >
    > '69 Camaro wrote:
    >>Oh, yeah. I forgot to mention that the user might voluntarily choose to
    >>block potentially unsafe expressions again if he gets the prompt when he's
    >>not running your digitally signed database file, in order to get rid of
    >>these annoying prompts. He can't win.
    >>
    >>HTH.
    >>Gunny
    >>
    >>See http://www.QBuilt.com for all your database needs.
    >>See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >>http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >>info.
    >>
    >>> Hi.
    >>>

    >>[quoted text clipped - 120 lines]
    >>>>>>>> mde?
    >>>>>>>> Is this a problem with an A2003 mde. I certainly hope not!!!?

    >
    > --
    > Message posted via AccessMonster.com
    > http://www.accessmonster.com/Uwe/Forums.aspx/access/200607/1
     
  12. rdemyan via AccessMonster.com

    Guest

    Hi Gunny:

    I just purchased and installed a Thawte certificate. I signed my code and
    was able to open my application even with the security setting equal to High.
    The certificate I purchased is for one year.

    I then set my PC clock ahead by two years and reopened my app. This causes a
    Security Warning to appear. It says that the file has been digitally signed
    by 'XXXXX'. It also says:

    "A certificate (signing or issuer) has expired".

    However, in speaking with Thawte, if when the code is signed it is also
    timestamped, then this message will not appear after certificate expiration
    (as long as the code has not been changed). I tested this as well and sure
    enough the Security Warning did not appear when I signed and timestamped my
    code and set the PC clock ahead by 2 years.

    Getting the signing process to timestamp the VBA code is not trivial. It
    requires registry changes (at least with Thawte certificates). Thawte uses
    the verisign server to do the timestamping.

    Just thought I would share my experiences.

    '69 Camaro wrote:
    >Hi.
    >
    >> If I self-sign my app, then every time there is an update, the user will
    >> have
    >> to go through the whole deal of getting the self-signature to work.

    >
    >Unless you're creating a whole new SelfCert digital certificate for each new
    >version of your application, then signing any Access 2003 database
    >application file with your specific digital signature will be accepted on
    >any computer with Access 2003 installed that has that digital signature as
    >"trusted" and the Macro Security set to Low or Medium.
    >
    >> What happens if I get a certificate through a valid third-party (Verisign,
    >> etc), when I send out an update to my app.

    >
    >As long as the user has "trusted" that digital signature, the user can open
    >the database file in Access 2003 without the warning prompt.
    >
    >> Also, if the certificate expires,
    >> then I suppose that users will have a message pop up every time they open
    >> the
    >> app, just like one does on internet websites where a certificate has
    >> expired.

    >
    >How else is Verisign going to get repeat customers? ;-)
    >
    >Actually, I don't think the user will get the same pop-up message advising
    >that the digital certificate has expired. I think the user will see the
    >same messages that are shown when an Access database file hasn't been
    >digitally signed when the Macro Security level is set to Medium or High. In
    >other words, there's no valid digital signature on the file, so the user is
    >warned when opening the file when the Macro Security level is not set to
    >Low.
    >
    >HTH.
    >Gunny
    >
    >See http://www.QBuilt.com for all your database needs.
    >See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >info.
    >
    >> If I self-sign my app, then every time there is an update, the user will
    >> have

    >[quoted text clipped - 28 lines]
    >>>>>>>>> mde?
    >>>>>>>>> Is this a problem with an A2003 mde. I certainly hope not!!!?


    --
    Message posted via http://www.accessmonster.com
     
  13. '69 Camaro

    '69 Camaro
    Expand Collapse
    Guest

    Hi.

    > Just thought I would share my experiences.


    Excellent. Thanks for sharing this information so that others may benefit,
    too.

    > Getting the signing process to timestamp the VBA code is not trivial. It
    > requires registry changes (at least with Thawte certificates). Thawte
    > uses
    > the verisign server to do the timestamping.


    Of which one new Windows Registry key I suspect is this one:

    HKEY_Current_User\Software\Microsoft\VBA\Security\TimeStampURL

    HTH.
    Gunny

    See http://www.QBuilt.com for all your database needs.
    See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    info.


    "rdemyan via AccessMonster.com" <u6836@uwe> wrote in message
    news:62d3552888b3f@uwe...
    > Hi Gunny:
    >
    > I just purchased and installed a Thawte certificate. I signed my code and
    > was able to open my application even with the security setting equal to
    > High.
    > The certificate I purchased is for one year.
    >
    > I then set my PC clock ahead by two years and reopened my app. This
    > causes a
    > Security Warning to appear. It says that the file has been digitally
    > signed
    > by 'XXXXX'. It also says:
    >
    > "A certificate (signing or issuer) has expired".
    >
    > However, in speaking with Thawte, if when the code is signed it is also
    > timestamped, then this message will not appear after certificate
    > expiration
    > (as long as the code has not been changed). I tested this as well and
    > sure
    > enough the Security Warning did not appear when I signed and timestamped
    > my
    > code and set the PC clock ahead by 2 years.
    >
    > Getting the signing process to timestamp the VBA code is not trivial. It
    > requires registry changes (at least with Thawte certificates). Thawte
    > uses
    > the verisign server to do the timestamping.
    >
    > Just thought I would share my experiences.
    >
    > '69 Camaro wrote:
    >>Hi.
    >>
    >>> If I self-sign my app, then every time there is an update, the user will
    >>> have
    >>> to go through the whole deal of getting the self-signature to work.

    >>
    >>Unless you're creating a whole new SelfCert digital certificate for each
    >>new
    >>version of your application, then signing any Access 2003 database
    >>application file with your specific digital signature will be accepted on
    >>any computer with Access 2003 installed that has that digital signature as
    >>"trusted" and the Macro Security set to Low or Medium.
    >>
    >>> What happens if I get a certificate through a valid third-party
    >>> (Verisign,
    >>> etc), when I send out an update to my app.

    >>
    >>As long as the user has "trusted" that digital signature, the user can
    >>open
    >>the database file in Access 2003 without the warning prompt.
    >>
    >>> Also, if the certificate expires,
    >>> then I suppose that users will have a message pop up every time they
    >>> open
    >>> the
    >>> app, just like one does on internet websites where a certificate has
    >>> expired.

    >>
    >>How else is Verisign going to get repeat customers? ;-)
    >>
    >>Actually, I don't think the user will get the same pop-up message advising
    >>that the digital certificate has expired. I think the user will see the
    >>same messages that are shown when an Access database file hasn't been
    >>digitally signed when the Macro Security level is set to Medium or High.
    >>In
    >>other words, there's no valid digital signature on the file, so the user
    >>is
    >>warned when opening the file when the Macro Security level is not set to
    >>Low.
    >>
    >>HTH.
    >>Gunny
    >>
    >>See http://www.QBuilt.com for all your database needs.
    >>See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
    >>http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
    >>info.
    >>
    >>> If I self-sign my app, then every time there is an update, the user will
    >>> have

    >>[quoted text clipped - 28 lines]
    >>>>>>>>>> mde?
    >>>>>>>>>> Is this a problem with an A2003 mde. I certainly hope not!!!?

    >
    > --
    > Message posted via http://www.accessmonster.com
     

Share This Page