Hello guys, nice to join you (1 Viewer)

[eLawson]

i have used Access since 1995. i love it so much. i can develop file-server apps. i was transferred from the IT dept to other departments where i was not allowed to develop apps.

Recently, though, i am back to IT department, and have learned how to develop client-server apps having Access as front-end and SQL Server as back-end.

Newer guys in IT dept do web-app development, using javascript and node.js and oracle APEX etc.

Also, the Informations Security office, subject their code to Vulnerability Assessment and Penetration testing using various tools. They also use Checkmarx for Code Reviews.

Now they want to use Checkmarx to review my client-server app. The front-end is in accdb format.

i am yet to make the file available to them.

Questions on my mind are as follows:

1. Can Checkmarx be used to check the vba code in the accdb file?
2. Since it is not a web app, is it necessary to do any such checks on the code?
3. If Checkmarx is not applicable, what tools can they use to check the code in my app?

Thank you in advance, as i await responses.

- Emmanuel

 

[theDBguy]

Hi. Welcome to AWF!

 

[eLawson]

Hi. Welcome to AWF!

Thank you.

 

[jdraw]

Welcome aboard AWF, Emmanuel. Personally, I've not heard of Checkmarx.

 

[eLawson]

Welcome aboard AWF, Emmanuel. Personally, I've not heard of Checkmarx.

Thank you @jdraw. Though you haven't heard of Checkmarx, i would still appreciate what you are familiar with. Do you think client-server apps would normally need their code reviewed by Information Security professionals in an organization?

Secondly, i am now realizing that instead of just introducing myself here, and posting my question in the appropriate forum section, as suggested, i went ahead of myself and posted the question here. How can i make amends?

Thanks.

- Emmanuel

 

[pbaldy]

How can i make amends?

Buying a round would go a long wa...never mind.

Welcome aboard. I can move this thread if you'd like, or you can post your question in the appropriate forum.

 

[eLawson]

Buying a round would go a long wa...never mind.

Welcome aboard. I can move this thread if you'd like, or you can post your question in the appropriate forum.

Hello @pbaldy: Thank you very much for this reply. Kindly move the thread for me. Okay?...And forgive me for asking the meaning of "Buying a round would go a long way..." I am not familiar with lots of English idioms. (I live in Accra, Ghana, where most of us haven't learnt the language as well as we should. )

Edit: i just looked up "buying a round." Thank you very much.

 

[The_Doc_Man]

The problem with code validation is that VBA (used underneath Access, Excel, Word, PowerPoint, Outlook, and a few others) is a pseudo-compiler. VBA generates emulation code for a virtual CPU (and we can't guarantee the implied characteristics.) It doesn't create binary code like more traditional language compilers. Therefore, the only thing that would be able to validate your code would be a text-oriented code analyzer that understands VBA syntax. Good luck on finding one of those.

 

[The_Doc_Man]

I'll move it to General and leave behind a link which will expire in a week.

 

[eLawson]

I'll move it to General and leave behind a link which will expire in a week.

Thank you very much, @The_Doc_Man

 

[eLawson]

The problem with code validation is that VBA (used underneath Access, Excel, Word, PowerPoint, Outlook, and a few others) is a pseudo-compiler. VBA generates emulation code for a virtual CPU (and we can't guarantee the implied characteristics.) It doesn't create binary code like more traditional language compilers. Therefore, the only thing that would be able to validate your code would be a text-oriented code analyzer that understands VBA syntax. Good luck on finding one of those.

Wow! This is enlightening! i will send it to them. Thank you very much.

 

[Pat Hartman]

Welcome. Glad to have you join us

1. Can Checkmarx be used to check the vba code in the accdb file?
2. Since it is not a web app, is it necessary to do any such checks on the code?
3. If Checkmarx is not applicable, what tools can they use to check the code in my app?

1. Not likely since this is a web app focused tool and none of them use VBA. The closest is probably VB.Net and most of Access code revolves around application objects so the syntax would not be recognized. It is fairly easy to extract all the code from a database into text files. We can help with that if that would solve the problem
2. I don't think so. There is no exposure to anything outside of your LAN with an Access FE so if your LAN is secure from external hacking, then the Access app is also. Internal hacking is a whole different issue since the .accdb, even when "compiled" to an .accde is crackable. Adding malicious code can't be done to an .accde though since it contains no source code. Your master .accdb should be better secured and not available to most users.
4. None that I know of. You can go the old walk-through route though. That should work but only if the other programmers in the walk-through have some knowledge of VBA, perhaps by using it in Word or Excel or other Office products.

 

[eLawson]

Welcome. Glad to have you join us

1. Not likely since this is a web app focused tool and none of them use VBA. The closest is probably VB.Net and most of Access code revolves around application objects so the syntax would not be recognized. It is fairly easy to extract all the code from a database into text files. We can help with that if that would solve the problem
2. I don't think so. There is no exposure to anything outside of your LAN with an Access FE so if your LAN is secure from external hacking, then the Access app is also. Internal hacking is a whole different issue since the .accdb, even when "compiled" to an .accde is crackable. Adding malicious code can't be done to an .accde though since it contains no source code. Your master .accdb should be better secured and not available to most users.
4. None that I know of. You can go the old walk-through route though. That should work but only if the other programmers in the walk-through have some knowledge of VBA, perhaps by using it in Word or Excel or other Office products.

Thank you very much @Pat Hartman for these answers. I am glad I found this forum. I shall wait for them to discover on their own that Checkmarx cannot do what they want to do, and see whether they would ask for the code to be extracted into text files for them. I can do that on my own. Thank you for offering to do that for me, though. God bless you.