Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unsafe Expressions!

Status
Not open for further replies.
Shippwreck

Shippwreck

Programmer
Oct 20, 2003
136
GB
Hi,

Recently at work we have decided to make the move to Access 2003. We are now running with Jet 4.0 Service Pack 8 and as a lot of you will know that now causes problems with unsafe expressions. For us we now have a business critical database that wont run...

Now in the short i have changed the sandbox registry setting to 2 and so it now runs... but we want/need to re-write the parts that are causing these issues. I have been to numerous sites that have been very helpful:

(good article in general about it)

(list of blocked functions and properties)

(list of operations allowed)

But now have some points i need to clarify. The database in question, actually does not have much code in it! It has one Form with code behind, and then 3 VBA modules... Now if i have read the documentation correctly, i don't need to worry about the 3 VBA modules as these aren't blocked???


If this is the case then i only need to check queries and the code behind the form? Can someone let me know if i'm on the right track so far. If i am then i guess my next job is to go through lookign for each of the now unsafe functions/properties...


"Google is god...of the internet" - Me ;)
 
Sort by date Sort by votes
I don't think you need to review all your code and queries. You just need to have Access "run in Sandbox mode". Once you do that, the "Unsafe Expressions" dialog no longer displays. You will still get the Security warning about macros - the only way to get rid of those is to sign the project with a digital certificate. But the Security warning is a lot more straight forward then the "Unsafe Expressions" dialog, and most of my users just click through that.

I have applications with thousands of lines of code and over a hundred queries, and every thing still worked after going to Sandbox mode.


 
Upvote 0 Downvote
you can get the sandbox warnings to turn off, there's a registry key to do that...

--------------------
Procrastinate Now!
 
Upvote 0 Downvote
JoeAtWork: Access is running in Sandbox Mode, that gets rid of the warnings, however it also blocks (with no error messages or warnings) any unsafe expressions rendering this DB useles... hence the need to re-code those sections ;)

Crowley16: Yes, you can change the registry settings to a lower security, however Access will then ask the Luser if they want to run in Sandbox mode, if they say no the DB will work, but if they say yes it will revert to the higher security and not work. Additionally on start up they will get the warning boxes which always scares my Lusers!


Additonally bearing in mind that this was implemented in Access 2003 over time this will become the defacto standard, not 97 or 2000, so this is not just an exercise in modernising this DB, but as its small(ish) its a good way to work out the best way to "detect" where the problems are and work out the best ways of fixing them. Now that may currently be just painstakingly searching through code for the now "unsafe expressions" but it may not... this is the first time i have done, am doing this and so was looking for advice from anyone who may have done this in before?

As a point to note, anyone who is developing in 2003 should make sure that they ARE running in Sandbox mode... that way you shouldn't encounter this problem as to get it working you wont of been able to use unsafe expressions at all ;)


"Google is god...of the internet" - Me ;)
 
Upvote 0 Downvote
you can definitely switch off the sandbox mode so no-prompts come up even if you use unsafe expressions, I've done this, I'll try to dig up the registry keys later...

ok, it is a good idea to be careful with the code you use, however there's a lot of things which needs to be done by unsafe code and some of those things you cannot get around...

--------------------
Procrastinate Now!
 
Upvote 0 Downvote
regKeyLoc = "HKLM\SOFTWARE\Microsoft\Office\10.0\Access\Security\"
regDWord = "Level"
regValue = 1

--------------------
Procrastinate Now!
 
Upvote 0 Downvote
Ok, i thought i would let anyone reading this know where i am at with this project.

As per my last post, unfortunately the suggestions so far in this thread were not feasible. So what i have done to date is to move all of the code that was in user forms... to VBA modules and then called the modules from the forms. It isn't fully tested yet but appears to work...

Just thought i'd update anyone who was interested ;)


"Google is god...of the internet" - Me ;)
 
Upvote 0 Downvote
You had much luck? We have been upgraded to 2003 however dont have permission to change Reg values..

bit confused why the error messages comeup even on a brand new DB with nothing in it at all!
 
Upvote 0 Downvote
Hi,

Yes i was at first to. Firstly what level is your macro security set to, and what does the message say (as there are 2 or 3 that could be appearing)?

If you have your Macro security set to medium or above (which really you should) then you will ALWAYS get the message saying "this file may not be safe if it contains code that was intended to harm your computer" with the option to open or cancel or get more info. This is a bog standard measure to make the user aware that the file being opened has VBA in it... its the same one you get when you open an Excel file with VBA in it and your security is medium or high. This you can do nothing about (without purchasing certificates i believe, although i did read somewhere about an MS self certification program that you can get for Office but have never used it)

If you are getting another one then let me know which it is and i'll try to let you know what to do to get round it.

As for my upgrade, it has been finished succesfully! As i said in a previous post, anyhting that you can't re-write to "make safe" you can just put in a seperate function or sub in a VBA module. Then call the sub or run the function from the forms code. The only thing you will have to make sure of is that you change any "private" variables, subs and functions that are moved otherwise they wont be able to see anything outside of there module...


"Google is god...of the internet" - Me ;)
 
Upvote 0 Downvote
We decided in the end to abandon Sandbox mode on the basis that our existing db's would take too long to cleanup.

Our understanding was/is that the only reason the old expressions are sandboxed is because they are possibly open to external attack, however,as they are not used or availble via any online connection we considered the internal use of "unsafe" expressions to be OK and sofar all is well after 2 years.

Open to suggestions or experiences that would make us reconsider though!

Happiness is...not getting what you want but wanting what you have already got
 
Upvote 0 Downvote
Its not because of that, its to prevent users running DB's that may have malicious code embedded outside of VBA modules, rendering Macro security useless. These DB's may come from and source... most obviously via e-mail.

Here's a better explanation from the first link i placed above.

What does the Sandbox Try To Protect?

Sandbox mode is designed to protect your computer and databases against database objects that are designed with a malicious intent. It does this by stopping unsafe expressions being executed from one of the following

· From a query

· The default property of a control

· The on event line of a control embedded in a form or report

Any of these actions can be fired in a database without a VBA Project and because of this, macro detection and macro signatures will have no effect as they only kick in when a database has VBA code. For example, a query that that could do some damage is illustrated by the following SQL. In this sample, I show you how you can launch the calculator program from a query. If you try this with Access 97 or with the SandboxMode registry setting set to 2 or 0, this will launch the program quite happily. It doesn’t leave much to the imagination to think what other things you could do with this particular power.



"Google is god...of the internet" - Me ;)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

eleteroboltz
  • Locked
  • Question
Using expressions between brackets [ ]
Replies
3
Views
48
MajP
MajP
AHJ1
  • Locked
  • Question
Query or Regular Expressions to find similar names
Replies
7
Views
77
AHJ1
AHJ1
AHJ1
  • Locked
  • Question
Regular Expressions to Eliminate Rich Text Formatting 1
Replies
12
Views
241
AHJ1
AHJ1
Aidy680
  • Locked
  • Question
Regular Expressions in VBA
Replies
4
Views
51
Aidy680
Aidy680
monkeysee
  • Locked
  • Question
Unsafe Expression when access loads
Replies
1
Views
20
PHV
PHV

Part and Inventory Search

Sponsor

Back
Top