• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 224
  • Last Modified:

Enable excel macros on production server??

Hi Fellow experts,

I'm stuck between a client and a vendor, and I need to validate my response to this issue:

The client has a production server that runs an IIS_based health care app.
The vendor recently came out with an "enhancement" whereby a user could upload an excel file to the server, the server would then run a set of macros to process the data and further upload the resultant data to a government system.

My first reaction is "WTF, you want me to enable excel macros on a production server, AND the user uploads the excel files from their own PC????"

I asked them what if the excel file the user uploads is macro infested?   Response: "hmmmm"

Am I off-base here?  Is there a way to secure all of this that I am not aware of?
0
SunnySlacker
Asked:
SunnySlacker
1 Solution
 
Brian WithunCommented:
You could issue digital certificates to the users who will be uploading these workbooks, and require them to be digitally signed macros.  Make sure these are real certificates, issued by a reliable certificate authorithy like Thawt or Verisign.

On the server, trust the issuing certificate authority so that Excel will run the signed macros without challenging them.

From VisualBasic: Tools > Digital Signature...

Then, nobody except your certificate holders will be able to get their macros to run on your server.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now