password protection (vba )

Topic

New Reply

I’m protecting Word vba code with password protection. The passwords however can be easily traced by software from lostpassword.com.
Is there a more sophisticated way for password protection?

Reply | Quote

Replies

Use long randomly generated passwords.
Obfuscate your code by:
1. Elminating all comments.
2. Eliminating most white space.
3. In distributed code, choose meaningless, randomly selected, variable names.
4. After doing the above, put multiple statementss on a line.

This will discourage most from even attempting to figure out the code.

Reply | Quote

For another slant on this…
http://mindprod.com/unmain.html%5B/url%5D

Reply | Quote

Of course, if you follow Howard’s suggestion, you’d better make sure you stash a fully commented, un-obfuscated copy of the code somewhere because it will be just as hard for *you* to untangle when you have to patch it.

Reply | Quote

You better believe it.

I have my own code obfuscator.
Even I cannot undefstand, without a great deal of effort, my own code after obfuscation.

MSFT does not care about protecting our intellectual property in VS .NET. Note that in VS .NET, code obfuscation is really the only way to protect code as it is not difficult to see other’s code. There are already 3rd party code obfuscators available for VS .NET. However, I do not wish to discuss this topic, it’s too depressing!

P.S. I forgot to mention, that not only does code obfuscation make it very expensive for others to steal/read your code, judicious choice of variable names wil usually reduce the size of the code by over 30%. Has a big impact on the size of a Word template for distribution.

Reply | Quote

I have been asked whether I wish to share, or sell, my code obfuscator. The answer is NO.

For VS .NET, there are already several commercial code obfuscators available and Dan Appleman has a free code obfuscator, for which there is a downloadable e-book available for, as I recall $39.95). I believe that Dan’s obfuscator can be found at http://www.abderaware.com/WhitePapers/Obfuscator.htm%5B/url%5D.

For VB/VBA, there likely are also code obfuscators, but I never looked into getting them.

In my case:

1. I have code that does a pretty good job of building a list of variables, and procedures, using an exception list to not change names that I wish to make Public. My code REQUIRES that one use Option Explicit, i.e., I did not want to have to parse for variable names.

2. I then generate random names in a mapping table. The name space is always the same, e.g., x, x1, zz, but the mapping is random.

3. Lastly, I use the brute force approach to replace names. Again, I do not use a parser, so it is possible that non-judicious choices of variable names that are keywords.methods, etc., can get screwed up. However, I rarely make that mistake, so my code works for me. Writing a ful blown parser for VB/VBA might be interesting, but I’d rather spend my time elsewhere.

Reply | Quote

Although I am using Excel, I figure that the best objuscater is me, since my code is so obfucated without having an obviscator officially obfuscivate my code, even I cannot figure it out and I have the project password!

Reply | Quote

I’ve heard that you can protect Word code by building DLLs- but I haven’t done this myself. Any thoughts out there?

Reply | Quote

I did this for about three months start of this year, but have retreated to using password-protected DOT files.

Passwords for 40 templates isn’t difficult. Each password is three or more words based on my childhood (who else would know the name of the street that housed the cotton mill on my way to school on the Burnely bus?), and the Passwords.doc that I carry in my shirt pocket doesn’t carry the password, it says “name of the street that housed the cotton mill on my way to school on the Burnely bus” rather than “lovecloughclose”.

Oooops!

Reply | Quote