Product Question
-
jueves, 09 de agosto de 2012 15:45
Hi,
I have an Excel project written in VBA that I need to convert over to an add-in, because we don’t want anyone stealing the code. I understand that I can’t just “convert” the VBA and that I’ll have to re-write the code and re-create the forms. My question is what tools will I need to use to create a new add-in? I’m confused as to the difference between Visual Studio and VSTO and which one will I need to use or will I use a different product. I’m currently using XL2007 and Windows XP. Can anyone provide me with some guidance?
Thanks.
Mark
Todas las respuestas
-
jueves, 09 de agosto de 2012 16:56
VBA addins are insecure, even with a password...due to a "backdoor" feature that some hackers have discovered.
However, dot-net code can also be discovered...via dot-net reflector.
You have two options:
1) Excel can be converted to an EXE and the source code becomes protected. This is provided by third party vendors, not Microsoft.2) You need a source code obfuscator if you go the dot-net DLL addin route. That will make the job of hacking the source code very difficult and tedious.
-
jueves, 09 de agosto de 2012 17:05you can use C# to create the EXE as per Syswizard to operate the Excel file. This will save your solution / code while you can sell your product.
Please do not forget to click “Vote as Helpful” if the reply helps/directs you toward your solution and or "Mark as Answer" if it solves your question. This will help to contribute to the forum.
-
jueves, 09 de agosto de 2012 17:12
Thanks, Syswizard.
What exactly is an obfuscator? Aside from this route there is no way protect VB.net add-ins from hackers?
-
jueves, 09 de agosto de 2012 17:14Thanks, CSharp, but I'm not trying to sell it. We have contractors on site that have proven that they are less than ethical. So, it's not possible to hack C#?
-
jueves, 09 de agosto de 2012 18:08
the purpose to build an EXE on C# is that you can your sources are "safe" and "hidden".
In terms of hacking or cracking read the following blog:the summary is that any program / application / worksheet/ workbook could be cracked and hacked.
It is something that is inevitable.
Please do not forget to click “Vote as Helpful” if the reply helps/directs you toward your solution and or "Mark as Answer" if it solves your question. This will help to contribute to the forum.
-
jueves, 09 de agosto de 2012 18:46
Thanks, Syswizard.
What exactly is an obfuscator? Aside from this route there is no way protect VB.net add-ins from hackers?
There is no way period. The obfuscator makes it difficult for source code discovery products to uncover meaningful object references...that's all.
At the company I contract with, they had a rogue programmer who left after planting a "time-out" bomb in the code. 2 months after he left, the app stopped working. With dot-net reflector they were able to discover where the logic for the time-out was located, and they plastered in a new date 20 years into the future. End of problem.
-
viernes, 10 de agosto de 2012 12:41Then wouldn't it be easier and more cost effective to obfuscate the VBA code, rather than "converting" it to VB.net and then obfuscating it?
-
viernes, 10 de agosto de 2012 12:56
Then wouldn't it be easier and more cost effective to obfuscate the VBA code, rather than "converting" it to VB.net and then obfuscating it?
Its debatable. Dot Net provides a much more robust programming environment and you can extend it with third party controls; Finally, Winforms is so much better than the old VBA forms which have never been upgraded from 10 years ago.
VBA would be faster development time-wise.
Here is a product that looks promising:
-
viernes, 10 de agosto de 2012 13:57
Thank you very much, Syswizard. This gives me a lot better idea about what I need to do to make my superiors comfortable. I'll research this some more and if I have any additional questions I'll get back to you.
Mark
- Marcado como respuesta 19Mark7 viernes, 10 de agosto de 2012 13:57
-
viernes, 10 de agosto de 2012 14:03
Thanks, CSharp. I really appreciate your help.
Mark
- Marcado como respuesta 19Mark7 viernes, 10 de agosto de 2012 14:03
-
viernes, 10 de agosto de 2012 16:04
I'll research this some more and if I have any additional questions I'll get back to you.
There is one issue with the DoneEx compiler I've been trying to resolve: apparently it only supports XLS files, not the XLSX,XLAM,XLSM from the later releases. This could be a problem.
-
viernes, 10 de agosto de 2012 17:23Yes, that is a difinite for me. Thanks for the info, Syswizard.
-
martes, 14 de agosto de 2012 17:17
I'll research this some more and if I have any additional questions I'll get back to you.
There is one issue with the DoneEx compiler I've been trying to resolve: apparently it only supports XLS files, not the XLSX,XLAM,XLSM from the later releases. This could be a problem.
This just in: DoneEx does support the newer file formats. -
miércoles, 15 de agosto de 2012 12:42
Excellent! I think that is a good solution, but I another idea, too. We have protected drives at work, so could I send the non-coded workbooks out to the Users and then call the code from a seperate workbook on the protected drive? Non-employees would not have access to the protected drive. I did something similar 12 years ago, but I can't remember exactly how I did it.
Mark
