Solved

Enable excel macros on production server??

Posted on 2009-05-07
2
218 Views
Last Modified: 2012-05-06
Hi Fellow experts,

I'm stuck between a client and a vendor, and I need to validate my response to this issue:

The client has a production server that runs an IIS_based health care app.
The vendor recently came out with an "enhancement" whereby a user could upload an excel file to the server, the server would then run a set of macros to process the data and further upload the resultant data to a government system.

My first reaction is "WTF, you want me to enable excel macros on a production server, AND the user uploads the excel files from their own PC????"

I asked them what if the excel file the user uploads is macro infested?   Response: "hmmmm"

Am I off-base here?  Is there a way to secure all of this that I am not aware of?
0
Comment
Question by:SunnySlacker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Brian Withun earned 500 total points
ID: 24330320
You could issue digital certificates to the users who will be uploading these workbooks, and require them to be digitally signed macros.  Make sure these are real certificates, issued by a reliable certificate authorithy like Thawt or Verisign.

On the server, trust the issuing certificate authority so that Excel will run the signed macros without challenging them.

From VisualBasic: Tools > Digital Signature...

Then, nobody except your certificate holders will be able to get their macros to run on your server.

0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This article describes how to import an Outlook PST file to Office 365 using a third party product to avoid Microsoft's Azure command line tool, saving you time.
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question