If you are using Access2003 with existing Access2000 databases, or you are migrating to Access2003, then
‘sandbox mode’ is something you should be aware of.
Microsoft have decided that there is a need to block unsafe expressions in Access applications :-
"An expression is considered safe if it does not use functions or properties that could be exploited by
malicious users to access drives, files, or other resources for which they do not have authorization."
Another very interesting quote is the following :-
"Code that is digitally signed, even if it includes the blocked functions or properties, will run, whether
Access is in sandbox mode or not."
The above 2 quotes rather confuse the issues of who is likely to be malicious. the first implies the users,
and the second the suppliers of the code. Sounds like a digital certificate is a 'Get out of jail FREE card'.
Finally another illuminating quote on how this has been implemented :-
"Sandbox mode is implemented by using the Microsoft Jet Expression Service to evaluate expressions.
Microsoft Jet 4.0 Service Pack 8 (SP8) or later allows Access to be fully functional, yet still have Jet
block unsafe expressions by enabling sandbox mode. However, the Jet expression service is not part of Access.
You need to download and install Microsoft Jet 4.0 Service Pack 8 (SP8) or later before you can enable sandbox
mode."
There are two threads to this article. Firstly there are some steps that must be undertaken before using Access
2003, and secondly there are some issues which could cause problems in some applications.
Behaviour of Access2003
If you do not take an action in regards to preparing for 'sandbox mode', then your users may see Warnings
indicating that your application is a potential danger to them.
The extent to which this poses a problem for you depends upon how your users’ copies of Access are configured.
Probably the ugliest warning users will get is when they have not upgraded to Jet Service Pack 8. So this is
the first check to make. This is the bit that must be undertaken with Access 2003, as it is hard to believe that
anyone could live with this warning box.
The occurrence of subsequent error messages occur depends upon whether ‘sandbox mode’ is enabled, and how the
'macro security' is set.
Top of Page
Enabling Sandbox Mode
Upon first use after installing the JET upgrade or after viewing or changing the Macro Security (when set or
changed to Low) the following message is displayed.
If you select “Yes” then Sandbox Mode will not be enabled, and you will in effect have switched off all
the new protection. So the general recommendation would be to select "No".
(Microsoft also describe the dire consequences of enabling ‘Sandbox Mode’ without having upgraded JET.
About Microsoft Jet Expression Service sandbox mode)
It is also worth noting that that once 'sandbox mode' is enabled on a machine, then this also comes into
affect for Access 2000/2002, if it is also installed on the Machine. So if you are developing with both Access
2000/2002 to Access 2003 with the 'sandbox mode' active, then you will need to edit the registry flag to switch
the 'sandbox mode' on and off. The link below provides details of how this is achieved.
Top of Page
Macro Security Levels
There are three possible settings for 'macro security' : -
- If you select the Low macro security level then no prompting will occur.
- If you select the Medium level then users will be prompted before opening your application.
- If you select the High level then you are going to need a digital signature for your Access Applications.
For a description of allowed functions and setting the registry keys which relate to this see
How to configure Jet 4.0 to prevent unsafe functions from running in Access 2003.
If the registry is locked down then you could be
at the mercy of those who installed and configured Access and in for a nasty shock.
Top of Page
Don't Panic
In the immortal words of Douglas Adam - Don't Panic.
The 'sandbox mode' does NOT apply to VBA code. You can quite happily write some VBA code to execute kill
commands and shell commands to your hearts content.
The Microsoft team believe that they have identified four likely functions namely CurDir, CurDir$, Environ
and Environ$ which may be present in applications as sources for controls or in queries or expressions. These
need to be encapsulated in VBA functions (see link below). In addition the properties in expressions for
Form.Recordset.Recordcount and Form.Recordsetclone.Recordcount, again requiring a VBA replacement.
Top of Page
Implications of enabling Sandbox Mode
The implications of enabling Sandbox mode is that there are a number of restrictions on what you can do in
properties, queries and expressions. For a detailed discussion of these see Functions and properties that are blocked in sandbox mode.
The above example of a control displaying the current directory will display an Error when the 'sandbox mode'
is enabled in both Access 2000 and Access 2003.
Top of Page
Planning For the Future
The next example shows how you can open a recordset on a parameterised query.
- Sandbox Disabled - Allowing potentially unsafe expressions
- Sandbox Enabled - Low Level Macro Security
- Sandbox Enabled - Medium Level Macro Security
- Sandbox Enabled - High Level Macro Security
For an excellent discussion of 'sandbox mode' see How To Avoid An Access 2003 Sandbox Storm.
As Garry points out in his article, a lot depends on how you wish to be perceived by your customers, and
arguing in favour of allowing 'potentially unsafe expressions' may not be the image you want to project.
In my own opinion upon close examination of the functions that can not be used, I see little problem with my
own applications. I am much more concerned with dealing with the fall-out of preventing applications from
displaying 'unsafe expression' warnings, and struggling with the implications of how others may have defaulted
and locked the 'macro security' level.
For more information on specific issues see Frequently asked questions about Access security warnings.
Top of Page
Top of Page