|
-
Sep 7th, 2020, 12:38 PM
#1
[RESOLVED] Challenge - Create Add-In to prevent *.vbw actions
I have little experience with creating add-ins, so I thought maybe some of you that really like this kinda thing might be interested in a new project for the VB community.
For a discussion on this topic, jump to post 125 (page 4) at https://www.vbforums.com/showthread....anetSourceCode
Basically, vbw files do present a potential security risk that could allow usercontrols (UCs) to execute code as soon as a project is loaded into the IDE, before the project is even run. The challenge, if you want to call it that, is to write an add-in that would prevent anything showing up in the IDE's design view that is not a code page on initial load, i.e., form GUIs primarily, but any GUI would be preferred. Why? ...
The vbw file contains statements that could tell VB to display a form, or any GUI, in design view immediately upon loading the project (.vbp). If that form has a UC on it, then that UC's Initialize & ReadProperties events will execute. If there is any malicious or poorly-written code executed from those events, they are executed without you having the ability to stop it, barring an error in that code. If you run your IDE elevated (like most of us do nowadays), that UC has full admin rights too.
Deleting vbw files solves that immediate problem. But unless you are aware of this issue or simply forget, then it can be too late.
The add-in should only trigger on existing projects, not new projects where a new form is almost always displayed.
Granted, this may not be the right place for this thread and if a mod decides to move it, so be it. I tried to search vbForums to see if such a utility/add-in exists, but found none. If anyone knows of it, just post a link here if you would, TIA.
Updates
Eduardo posted a solution in the codebank that will purge a vbw file before VB gets hold of it. And also purge it if VB re-saves it when the project unloads. Post comments about that project at that thread. Here it is
https://www.vbforums.com/showthread....15#post5492915
Curious whether a solution can be found that will allow vbw files, just prevent loading GUIs only at initial project load, and only for existing projects not new projects?
Found a way, posted suggested changes to Eduardo's thread ^^
Last edited by LaVolpe; Sep 7th, 2020 at 05:03 PM.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|