• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 223
  • Last Modified:

Enable excel macros on production server??

Hi Fellow experts,

I'm stuck between a client and a vendor, and I need to validate my response to this issue:

The client has a production server that runs an IIS_based health care app.
The vendor recently came out with an "enhancement" whereby a user could upload an excel file to the server, the server would then run a set of macros to process the data and further upload the resultant data to a government system.

My first reaction is "WTF, you want me to enable excel macros on a production server, AND the user uploads the excel files from their own PC????"

I asked them what if the excel file the user uploads is macro infested?   Response: "hmmmm"

Am I off-base here?  Is there a way to secure all of this that I am not aware of?
0
SunnySlacker
Asked:
SunnySlacker
1 Solution
 
Brian WithunCommented:
You could issue digital certificates to the users who will be uploading these workbooks, and require them to be digitally signed macros.  Make sure these are real certificates, issued by a reliable certificate authorithy like Thawt or Verisign.

On the server, trust the issuing certificate authority so that Excel will run the signed macros without challenging them.

From VisualBasic: Tools > Digital Signature...

Then, nobody except your certificate holders will be able to get their macros to run on your server.

0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now