http://blogs.msdn.com/clintcovington/archive/2007/02/21/my-favorite-access-keyboard-commands.aspxI have a confession to make… I started hacking around in computers with Windows 3.1—never learned how to really use the command line. I know—I have fallen from grace for many of you developers. The mouse has been my friend. I’m trying to change and useen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/clintcovington/archive/2007/02/21/my-favorite-access-keyboard-commands.aspx#1743275Thu, 22 Feb 2007 22:57:44 GMT91d46819-8472-40ad-a661-2c78acb4018c:1743275ken<p>Sorry for the OT but it's important.</p> <p>From &quot;Macro improvements of Access 2007&quot;</p> <p>Clint:</p> <p>&quot;I'm not the security expert on our team and my views don't represent the views of Microsoft or the Access team. We might even see Suraj (our security expert drop by if he gets a chance).</p> <p>I don't think you will ever see MS changing the security settings to low. There are just too many things that can go wrong. Keep in mind, the security setting effects all Office documents such as Word and Excel. I think most people that get an Excel doc will expect it to be safe. Most of the security hacks these days are social engineering hacks where you trick someone into running your software without realizing it could be dangerous. The security dialog makes people understand the application could run code.</p> <p>You don't get a security dialog when you run Notepad because Notepad won't ever do anything wrong. You don't get a security dialog when you run .Net apps because you got it when you installed it. </p> <p>Unfortunately, there are lots of bad people that have invested interest in doing harm to others computers. Given the bad things that have happened to Microsoft customers--the company has to take this issue very seriously&quot;</p> <p>.............................</p> <p>Clint, we are developers that distribute Runtime .MDE/ADE applications to our customers.</p> <p>An Access Runtime application must be (virtually) similar to a compiled .exe or .NET application.</p> <p>It's a big mistake to *force* us to buy the sagekey scripts.</p> <p>In my opinion the Access developer team don't know (or simply it ignores) the needs of Access/VBA developers.</p> <p>Microsoft Access-Runtime-edition isn't an Office application for final users!</p> <p>Bye</p> http://blogs.msdn.com/clintcovington/archive/2007/02/21/my-favorite-access-keyboard-commands.aspx#1744595Fri, 23 Feb 2007 03:38:42 GMT91d46819-8472-40ad-a661-2c78acb4018c:1744595Clint Covington<p>Thanks Ken,</p> <p>I will pass your feedback along to the Access team. I know they are looking at different deployment options.</p> http://blogs.msdn.com/clintcovington/archive/2007/02/21/my-favorite-access-keyboard-commands.aspx#1749464Sat, 24 Feb 2007 00:28:22 GMT91d46819-8472-40ad-a661-2c78acb4018c:1749464AL<p>Of course, I have to agree with ken 200%. &nbsp;After some Google or UA investigation, it is trivial for any programmer to inactivate the security warnings, the same way that SageKey does it. &nbsp;This of course means that any malicious hacker can do the same thing. &nbsp;So really, what's the value of this, other than annoying people. &nbsp;</p> <p>IOW, the security warnings do nothing to enhance security, but are a great embarrassment for developers and a great annoyance to end-users. &nbsp;</p> <p>At the same time, there is not even a peep in the help files about the dangers of SQL injection to delete all of my data, and not a peep about the dangers of using SQL Server security to apply permissions that can then be used outside of the Access application. &nbsp;When will Access support application roles, which provide much better security and performance? &nbsp;(Some time ago, you or Eric said you would try to look into it, but we have not heard back.)</p> <p>Please try to understand that this current approach to &quot;security&quot; simply does not work in practice. &nbsp;I suggest that the next blog post be used to solicit users' concerns and suggestions about Access security issues. &nbsp;You can add a poll that asks developers: &quot;Who likes the current &quot;security model.&quot;</p> <p>Having said all that, I want to thank you gain for making this blog and keeping open the lines of communication. &nbsp;I, for one, really appreciate it! &nbsp;</p> http://blogs.msdn.com/clintcovington/archive/2007/02/21/my-favorite-access-keyboard-commands.aspx#1755718Sun, 25 Feb 2007 07:33:59 GMT91d46819-8472-40ad-a661-2c78acb4018c:1755718Clint Covington<p>Please keep in mind, a malicious hacker can't modify the low security settings without tricking you into running code on the system. The only way the SageKey system might be allowed to do it is because someone trusts the person installing the code.</p> <p>I understand there are some frustrations with the current security model. Trusted Locations does help in many scenarios but not all. I will pass along the feedback to the people that manage those decisions.</p> http://blogs.msdn.com/clintcovington/archive/2007/02/21/my-favorite-access-keyboard-commands.aspx#1765225Mon, 26 Feb 2007 23:19:42 GMT91d46819-8472-40ad-a661-2c78acb4018c:1765225Clint Covington<p>I did more research on this topic--I'm not that connected to the runtime these days. It turns out--I gave you some wrong information (sorry about that). When you create the runtime MSI the runtime will add a trusted folder reg key for your data folder. This means, we will run your application without security prompts without lowering all of your Office security settings. T</p> <p>Happy?</p> http://blogs.msdn.com/clintcovington/archive/2007/02/21/my-favorite-access-keyboard-commands.aspx#1771934Wed, 28 Feb 2007 05:31:10 GMT91d46819-8472-40ad-a661-2c78acb4018c:1771934AL<p>:-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) </p> <p>(Yes, Thank you!)</p>