The Expression Service has been a part of the Jet database engine for a long time. It is used whenever and wherever expressions are evaluated in Access and also it communicates with the VBA expression service. If you think about all the places in Access that can accept an expression, that's a lot! In terms of security, the surface area for expressions is quite large, so it was not feasible for Microsoft to add expressions to the digital signature for a database. The performance implications of scanning each entry point for an expression would have brought a database to its proverbial knees. (Databases don't really have knees.)
Microsoft takes security very seriously, and it's looking at its software for anything that provides an opportunity for someone to exploit it and maliciously attack your computer. You've seen how the Shell function could be used maliciously. So, how do you protect against an expression that can be misused?
The answer is by enhancing the sandbox mode for the Expression Service. Sandbox mode was first introduced in Jet 3.5 Service Pack 3 and Jet 4.0 Service Pack 1. That's right—for Access 97 and 2000. The enhancements made to the Expression Service for Access 2003 actually made expressions more usable than in previous versions. An enhanced sandbox mode was half of the overall security story for Access 2003. But this book is about Access 2007.
When sandbox mode is enabled in ...