before we get started on this, MS IRM is not available in the organisation in which I work. so that is not an option.
I've been thinking about how to build complex pricing tools with sensitive data in them and preventing that from being misappropriated.
my current mechanisms include this:
1. on close: lock the workbook completely; lock the worksheets; deep hide the worksheets;.
2. on open: unlock and relock to cell level only; make some worksheets visible
1 + 2 prevents against the workbook being opened usefully without macros turned on.
when macros are enabled, i feel relatively secure that the document will work adequately if the protection mechanisms are not subverted. The password for protecting the worksheets and books etc is in the VBA. The VBA is protected.
My concern is that the document can have the permissions easily removed by editing the xml. I'm thinking that I can work around this by having a macro delete the content of the document and save and close it in the event that it is opened (with macros) and there is no protection.
My next concern is that the VBA code itself can be made accessible very easily. I'm thinking that the mitigator for here is to take an md5 snapshot of the module that controls the security. If that changes, then delete the content, save and close.
But there is a scenario that still worries me:
1. remove protection via xml
2. open the workbook without macros
3. unhide the sheets
Can anyone think of a workaround for this scenario? are there more holes to be poked in this construct?
I was thinking that it might be possible to force the document to be saved encrypted; and share that password. then, sfaik, the document is not vulnerable to an xml-edit attack vector unless it is saved without the password. but then I guess if it is opened and macros not-enabled, then it can be saved without the password and made vulnerable to having protections removed. So not great overall.
I've been thinking about how to build complex pricing tools with sensitive data in them and preventing that from being misappropriated.
my current mechanisms include this:
1. on close: lock the workbook completely; lock the worksheets; deep hide the worksheets;.
2. on open: unlock and relock to cell level only; make some worksheets visible
1 + 2 prevents against the workbook being opened usefully without macros turned on.
when macros are enabled, i feel relatively secure that the document will work adequately if the protection mechanisms are not subverted. The password for protecting the worksheets and books etc is in the VBA. The VBA is protected.
My concern is that the document can have the permissions easily removed by editing the xml. I'm thinking that I can work around this by having a macro delete the content of the document and save and close it in the event that it is opened (with macros) and there is no protection.
My next concern is that the VBA code itself can be made accessible very easily. I'm thinking that the mitigator for here is to take an md5 snapshot of the module that controls the security. If that changes, then delete the content, save and close.
But there is a scenario that still worries me:
1. remove protection via xml
2. open the workbook without macros
3. unhide the sheets
Can anyone think of a workaround for this scenario? are there more holes to be poked in this construct?
I was thinking that it might be possible to force the document to be saved encrypted; and share that password. then, sfaik, the document is not vulnerable to an xml-edit attack vector unless it is saved without the password. but then I guess if it is opened and macros not-enabled, then it can be saved without the password and made vulnerable to having protections removed. So not great overall.