- database solutions and downloads for microsoft access

Microsoft Access Sandbox Mode

Microsoft Access 2003 Security Innovations (The Jet Sandbox):

The default database engine underlying Microsoft Access is known as the Jet Engine. Traditionally, the Jet Engine has offered security vulnerabilities, which may compromise the security of your computer system. The Jet Engine allows the use of unsafe expressions in Microsoft Access and VBA functions. Unsafe expressions include some Microsoft Access functions and come VBA shell commands, such as KILL and LOAD, which interface with the operating system to manipulate files, directories and other resources. To eliminate this security concern, the Jet Engine, used with Microsoft Access 2003, Jet 4.0, includes a service pack that allows the Jet to evaluate expressions in forms, reports and queries using the "sandbox mode". The sandbox mode, provided with Jet 4.0 Service Pack 8 (SP8), limits Microsoft Access to evaluating only those expressions that are considered "safe". A safe expression does not have properties or perform functions that allow intruders to access and exploit files, drives, devices or other vulnerable resources.

Sandbox mode is not provided as part of Microsoft Access, but is provided as an extension the underlying Jet Engine. By installing the latest update to Windows and thus, the Jet Engine, Microsoft Access can be configured with the option of including sandbox mode. You must configure Microsoft Access to run in sandbox mode. Microsoft Access will not automatically convert to sandbox mode by, simply, installing the service pack update. When the Jet Engine encounters functions that reference or make use of unsafe expressions, your application will be blocked and you will be presented with error messages.

The Jet will evaluate expressions that can be found in a variety of places, to include default values, calculated fields in a query or property sheet, macro action arguments, certain table properties, control sources, SQL statements, custom properties of ActiveX controls and more. The following Microsoft Access functions and properties are blocked by the Jet Engine when called from a Jet query or Microsoft Access property:

Application Object
AddAutoCorrect AddToFavoriates ADOConnectString AnswerWizard
Application Assistant AutoCorrect BeginUndoable
CloseCurrentDatabase CodeContextObject CodeDb COMAddIns
CommandBars CompactRepair ConvertAccessProject CreateAccessProject
CreateAdditionalData CreateControl CreateControlEx CreateDataAccessPage
CreateForm CreateGroupLevel CreateNewWorkgroupFile CreateReport
CreateReportControl CreateReportControlEx CurrentDb DataAccessPages
DBEngine DDEExecute DDEInitiate DDEPoke
DDERequest DDETerminate DDETerminateAll DefaultWebOptions
DefaultWorkspaceClone DelAutoCorrect DeleteControl DeleteReportControl
DoCmd Echo ExportXML FeatureInstall
FileDialog FileSearch FollowHyperlink GetHiddenAttribute
ImportXML InsertText LanguageSettings LoadFromText
LoadPicture Modules NewAccessProject NewCurrentDatabase
NewFileTaskPane OpenAccessProject OpenCurrentDatabase Parent
ProductCode Quit References RefreshDatabaseWindow
RefreshTitleBar ReloadAddIns ReplaceModule Run
RunCommand SaveAsText SetDefaultWorkGroupFile SetHiddenAttribute
SetOption SetUndoRecording SysCmd TransformXML
BoundObjectFrame Object Object    
Combobox Object Recordset    
Control Object Object    
CurrentProject Object AccessConnection BaseConnectionString CloseConnection Connection OpenConnection    
CustomControl Object Object    
Form Object Dynaset Recordset RecordsetClone    
Hyperlink Object AddToFavorites CreateNewDocument Follow    
Listbox Object Recordset    
ObjectFrame Object Object    
Report Object Recordset    
SmartTagAction Execute    
Screen Object ActiveDataAccessPage    

Sandbox mode has no effect on the VBA code or digitally signed code embedded in your database files. Sandbox mode only affects expressions that use or reference unsafe functions. The following VBA functions are considered unsafe and will generate errors when called from an expression in a Jet Query or an Microsoft Access property.

AppActivate Beep Calendar CallByName ChDir
ChDrive Command Command$ CreateObject CurDir
CurDir$ DeleteSetting DoEvents Environ Environ$
EOF Err FileAttr FileCopy FileDateTime
FileLen FreeFile GetAllSettings GetAttr GetObject
GetSetting Input Input$ InputB InputB$
Kill Load Loc LOF Randomize
Reset SaveSetting Seek SendKeys SetAttr
Shell Spc Tab Unload UserForms

How To Avoid An Access 2003 Sandbox Storm - by Garry Robinson - Editor of