Some weeks ago I posted the following message in microsoft.public.access.security. Here I will reproduce and extend it, since I have not received any response there, to spread the word and reach a wider audience. Maybe someone will give me a hint some day...
I also made a translation of this article into Spanish, called "Access 2007: La firma digital se pierde cuando se compacta un .ADP o se crea un fichero .ADE".
We have been using digital signatures for years (Office 2003) to deploy MS Access compiled project files (.ADE) so that users do not have to accept security warnings every time they open the application.
Now we are using Office 2007, and whenever we create ADE files (with signed VB code) we receive the following warning in the Access status bar, at the bottom (the wording may not be exactly this, since it is my own translation from Spanish):
"The changes made to the database or project have invalidated the linked digital signature"
"Las modificaciones realizadas en la base de datos o proyecto han invalidado la firma digital asociada." (this is the original warning).
After that, when any user tries to open the created ADE file, they receive the usual warning as if the file had no digital signature at all:
Microsoft Office Access Security Notice
"A potential security concern has been identified. Warning: it is not possible to determine that this content came from a trustworthy source. You should leave this content disabled unless the content provides critical functionality and you trust its source."
That dialog confirms that the original warning shown in the status bar was right. The signature is lost when you compile the ADP into an ADE file.
I have checked that this happens when creating a brand new database project:
- Create a new database project (ADP) and connect it to any SQL Server / Northwind you have at hand.
- Create a form with a single button in it and use the following code:

  ```vb
  Option Compare Database
  Option Explicit

  Private Sub Command0_Click()
      MsgBox ("this is a test")
  End Sub
  ```

- Sign the code: Tools -> Digital signatures...
- Create ADE
- Try to open the ADE you created before
Can this be classified as a bug or a feature? Is there any place to submit feedback for Access 2007? Thanks in advance.
To this post, after having done more tests, I would add that similar behaviour is shown whenever you compact and repair an ADP file: the digital signature is lost too.
It does not matter that there are alternative ways to prevent the security warnings from appearing (e.g. the Trust Center). I think this is a real bug that prevents anyone who owns a digital certificate from signing and distributing code (without distributing the source, i.e. as ADE files) the way we used to with Access 2003.
I hope the staff at MS solve it sooner rather than later. I'm also willing to hear about your experiences in this field.