Kenneth Ismert
kismert at gmail.com
Fri Feb 26 12:08:08 CST 2010
All: Steve Schapel: > Basically, I think the focus in this article on "you should try to avoid > including programming tools that require the user to specifically grant > trusted status to the database" is just plain silly. What's the big deal > about creating a Trusted Location on the user's computer? Only has to be > done once, and has never caused a problem for me. In my book, that is not a > reason to base your programming decisions on. > I think they are trying to outline 'best practice': use the minimum permissions possible that still allow the app to function. A Trusted Location is an acceptable work-around. Ken Ismert: I think Microsoft would desperately like to move away from VBA, >> but can't. >> The security concerns are valid, but the installed base of VBA code is so >> huge that they will have to support it well past their original sunset >> plans... >> > Steve Schapel: I don't quite see it like that ... I see a continued > commitment to VBA from Microsoft. We have a 64 bit version of VBA coming > ... > I think they support VBA because they must. Despite the 64-bit version, VBA will certainly never be the first-class citizen that it once was. Besides, there is a more insidious way of forcing the community to move away from VBA: starving it of COM components. For example, CDO is not being delivered on Vista or Windows 7. Sure, you can download and install it for now, but that is more water you have to carry to make your 'old-style' app work. You can be sure in the future that Microsoft will drop support for all but a very vital core of COM components. There is no new COM component development happening. There are also no guarantees that your critical COM component will work in a 64-bit environment. This means that your ability to deliver competitive apps in VBA will erode in the future. > Asger Blond: > As for security: does anyone know why MS is considering VBA an issue > especially in Access? And more disturbing: why does MS consider Access > itself a security issue even without VBA? > Why would VBA be more risky in Access than in all other Office > applications? And why do we in Office 2003 get this annoying security > warning for an Access db which is not holding any macros or VBA code? > Is Access per se a threat? To whom? MS? > VBA was never the security threat. COM is. A major source of Microsoft's security headaches in the last decade centered around ActiveX (COM) components and unmanaged code. Because VBA is inextricably bound to COM, it inherits COM's security issues. Access, because it is a database, is simply more vulnerable because of what it is. But the same kinds of security problems afflict web apps that use databases, so these are more generic concerns, not specific to Access. > Stuart: > "I should note for office 2010 we are getting a 64 bit version of VBA. This > includes support for > LongLong, and we now finally have a real pointer data type. " > Pointers at last!!! > 2010 is starting to look promising :-) > I too, am liking 2010. When I get the chance, I will happily use the new VBA features to maintain old applications. But, I am currently favoring a very rapid, stripped down approach to new Access development, which make macros an attractive option. I would think long and hard before committing to a new commercial application written in VBA under Access. -Ken