• Hi All

    Please note that at the Chandoo.org Forums there is Zero Tolerance to Spam

    Post Spam and you Will Be Deleted as a User

    Hui...

  • When starting a new post, to receive a quicker and more targeted answer, Please include a sample file in the initial post.

Curious related to security

xlstime

xlstime

Active Member
Hey Masters,

Just curious to know about few things -
  • Is there any way to delete protected module
    • if aware of module password (but wanted to delete using another macro)
    • if unaware of module password
  • How may type of excel workbook password security
    • Is there any way to understand the workbook password security (type of security and all other things
  • Class module use and good things about class modules.
 
Yes, you can delete a protected code module, regardless of knowing the password. W/o knowing password:

In 2003 and earlier, password cracker is super easy. Crack password, then delete module manually.
In 2007+, XL uses a XML file structure. You can change file extension to ".zip", open zip file, find the code modules, delete from Zip. Change extension back, and code has been removed.
To delete just with a macro, the Trust Center settings will initially stop you. Would need to have allowed macros to have access to Visual Basic. This is overall a little dangerous, as you can then have macros writing malicious code on their own (DANGER!), but it's doable.

For security, you really only have the password/encryption to open the workbook. People often confuse "protection" on the workbook or worksheet as security, but they're not. The latter is simply a way to keep people from accidentally messing something up. Those are easy to remove. The password to open and/or encyrption starts to add a little strength. Now you're going to need a better password cracker at least. However, the strength isn't strong enough to withstand toughest attacked. This would be good enough to stop someone who's simply noisy, but not someone really determined to get to your file. File is still vulnerable to using the "zip" extension trick, or a decent HEX editor.

Class Modules are a completely different subject. Basically, it's a way of creating a block of "objects" for things you want to use. Chip Pearson does a much better job explaining here:
http://www.cpearson.com/excel/classes.aspx
 
Wow Thanks Luke!!.

Can you please share some useful links related to security.

Once again Thank you so much!!..

Luke M said:
Yes, you can delete a protected code module, regardless of knowing the password. W/o knowing password:

In 2003 and earlier, password cracker is super easy. Crack password, then delete module manually.
In 2007+, XL uses a XML file structure. You can change file extension to ".zip", open zip file, find the code modules, delete from Zip. Change extension back, and code has been removed.
To delete just with a macro, the Trust Center settings will initially stop you. Would need to have allowed macros to have access to Visual Basic. This is overall a little dangerous, as you can then have macros writing malicious code on their own (DANGER!), but it's doable.

For security, you really only have the password/encryption to open the workbook. People often confuse "protection" on the workbook or worksheet as security, but they're not. The latter is simply a way to keep people from accidentally messing something up. Those are easy to remove. The password to open and/or encyrption starts to add a little strength. Now you're going to need a better password cracker at least. However, the strength isn't strong enough to withstand toughest attacked. This would be good enough to stop someone who's simply noisy, but not someone really determined to get to your file. File is still vulnerable to using the "zip" extension trick, or a decent HEX editor.

Class Modules are a completely different subject. Basically, it's a way of creating a block of "objects" for things you want to use. Chip Pearson does a much better job explaining here:
http://www.cpearson.com/excel/classes.aspx
Click to expand...
 
You must log in or register to reply here.
Back
Top