search

jmcnamara / XlsxWriter

A Python module for creating Excel XLSX files.
https://xlsxwriter.readthedocs.io
BSD 2-Clause "Simplified" License
3.64k stars 632 forks source link

New feature / signature file for vba projects #283

Closed arueckle closed 8 years ago

arueckle commented 9 years ago

VBA projects in excel can be signed. Users in excel can choose to only execute macros from trusted sources. The vba signature file is named "vbaProjectSignature.bin" and is located in the same folder as the vba project.

We extended the library to support adding vba signatures alongside with the vba file.

This is the fork: https://github.com/arueckle/XlsxWriter This is the pull-request #280

jmcnamara commented 9 years ago

Hi,

Sorry for the lag on replying. I've been very busy in recent months.

There haven't been any requests for this but it seems reasonable.

I'm not very familiar with adding signatures to VBA files so maybe you can add more information to this thread about what they are, how you create them, any advantages or disadvantages. I prefer to use the Feature Request for discussions on the interface and the PR for discussion on the code.

From a technical point of view the PR needs to be split into two where each one addresses a features request.

Also, the PR should only contain 1 commit. You will need to squash/rebase the changes into a single commit. I'm not against a logical separation on changes into a patchset but the PR cannot contain incremental changes like this bugfix for something added earlier in the patchset: https://github.com/arueckle/XlsxWriter/commit/0d2c159489148480a9977d4e814fa5a9a700888a

It is okay to work off master.

You should also update this feature request with a example of the proposed API.

arueckle commented 9 years ago

Hi John,

thanks for your reply.

So why do we want to use VBA signatures? Excel macros / vba can be digitally signed, just like a standard executable. With a signed macro, users can verify that this piece of software comes from a trusted source. Excel users furthermore can decide to only allow the execution of macros from certain sources/developers. In some environments, users are not allowed to execute macros from untrusted resources.

VBA signatures are separate files which are included in the xlsm file, therefore we extended your library with some logic to add such signatures.

I'll ask a collegue of mine to further share some comments on how to create a signed VBA file. Furthermore I'll take care about changing/splitting the pull-request. However, since I'm a bit short on time right now, this may take a while.

Regards, Andreas

jmcnamara commented 9 years ago

I'll ask a collegue of mine to further share some comments on how to create a signed VBA file. Furthermore I'll take care about changing/splitting the pull-request. However, since I'm a bit short on time right now, this may take a while.

No problem. Take you time.

jmcnamara commented 8 years ago

There doesn't seem to be any progress on this and there hasn't been any general interest, so closing.

jmcnamara commented 1 year ago

Note, this feature was eventually merged to main. See #1009