# Password Protected Excel Macro Becomes Fully Visible in Open Office



## Rene Karolyi (Dec 4, 2008)

Hi!

I have invested a lot of time and considerable effort to compose and program a quite complex technical application for my customers. I have taken all necessary steps, to avoid the user and of cause competitors from looking behind the scenes by using some of the techniques I learned through this very forum  and by password protecting the VBA code. 
Now, quite by chance I discovered that, if my spreadsheet application is opened with *Open Office* the VBA code becomes exposed without Open Office even asking for the password to be supplied . Just like that. From this I understand, that MS Excel does not encrypt the VBA code at all.  Quite a serious security flaw as I see it!
  Is there something that can be done to avoid this issue to happen and that keeps the code invisible if the password is not supplied? 
  It is really crucial! I will very much appreciate any help from your side!
Thank you in advance
Rene


----------



## Noel Holland (Dec 9, 2008)

One option is to divorce the VBA code from the core spreadsheet and save it in an excel addon (.xla) file. This reduces the likelihood that someone will "stumble" across your code.

The reality is that if someone wants to break into your code they can no matter how well chosen the password. All it takes is the will to break open the file, two seconds with google for a password ******* app and the time for the ******* app to run through it's paces. The only real protection you have is contractual.


----------



## RoryA (Dec 9, 2008)

If you need real code security, you need to use a compiled language like VB6, C++  or a .net language. VBA project passwords can be broken easily with a simple hex editor if you really want to. For a commercial app, you probably need something more robust if you think competitors are likely to try and steal your Intellectual Property!


----------



## xenou (Dec 21, 2008)

Not sure if this helps or not but this thread refers to some tools intended for such situations:
http://www.mrexcel.com/forum/showthread.php?t=340969

More links (probably redundant to those in the above post):
http://www.lockxls.com/?gclid=CNC2lc...FQFvGgodhHC2zA
http://www.calc4web.com/
http://orlando.mvps.org/XLtoExeMore.asp
http://www.doneex.com/
http://www.mrexcel.com/forum/showthread.php?t=340969

Not sure how they work or what OO would do with such files


----------



## upsidemark (Sep 10, 2009)

I'm having the same problem. However, I noticed that if you try to open up some of the standard add-ins like the Analysis Toolpak (funcres.xla) in OpenOffice you can't see the protected code. 

Does anyone know how this is achieved?


----------



## xenou (Sep 11, 2009)

[Edit: Deleted. Missed the point - doh!]


----------



## santanuKD (Feb 24, 2011)

What is meant by Open Office here ??



Rene Karolyi said:


> Hi!
> 
> I have invested a lot of time and considerable effort to compose and program a quite complex technical application for my customers. I have taken all necessary steps, to avoid the user and of cause competitors from looking behind the scenes by using some of the techniques I learned through this very forum  and by password protecting the VBA code.
> Now, quite by chance I discovered that, if my spreadsheet application is opened with *Open Office* the VBA code becomes exposed without Open Office even asking for the password to be supplied . Just like that. From this I understand, that MS Excel does not encrypt the VBA code at all.  Quite a serious security flaw as I see it!
> ...


----------



## Joe4 (Feb 24, 2011)

See here: http://en.wikipedia.org/wiki/OpenOffice.org


----------



## Darwood (Jan 25, 2012)

rorya said:


> If you need real code security, you need to use a compiled language like VB6, C++  or a .net language.


.Net languages only compile to CLR so you still don't have real code security with that.


----------



## RoryA (Jan 25, 2012)

No, but it is considerably more secure than VBA.


----------



## Rene Karolyi (Dec 4, 2008)

Hi!

I have invested a lot of time and considerable effort to compose and program a quite complex technical application for my customers. I have taken all necessary steps, to avoid the user and of cause competitors from looking behind the scenes by using some of the techniques I learned through this very forum  and by password protecting the VBA code. 
Now, quite by chance I discovered that, if my spreadsheet application is opened with *Open Office* the VBA code becomes exposed without Open Office even asking for the password to be supplied . Just like that. From this I understand, that MS Excel does not encrypt the VBA code at all.  Quite a serious security flaw as I see it!
  Is there something that can be done to avoid this issue to happen and that keeps the code invisible if the password is not supplied? 
  It is really crucial! I will very much appreciate any help from your side!
Thank you in advance
Rene


----------



## Darwood (Jan 25, 2012)

rorya said:


> No, but it is considerably more secure than VBA.


 true, true!


----------



## sabret00the (Jul 1, 2013)

In my case I have a lot of old vba macros with me which were created by employees who are no longer in the organisation. The modules are password protected so although I can see the the entire vba codes in Open Office but I'm unable to locate the actual password to unlock the modules in MS Excel.

Any help will be appreciated.


----------



## RoryA (Jul 1, 2013)

I'm afraid it is against forum rules to assist with any sort of circumvention of security measures.


----------



## oggi38 (Apr 8, 2014)

hi, 
i think that the only way is to make .xlam open-libre office cannot bypass its protection.


----------

