Reality dictates that while most programmers use their power and knowledge for good, there are also those who work with a far darker intent. Because of this, security has always been a big concern to educated Office users. Many safeguards have therefore been implemented to both complement and protect against the great amount of power that has been put at the fingertips of developers in the form of VBA.

The benefits of VBA are incredible, as it provides us with tremendous flexibility when working with a user's system, but VBA also affords the same capability to those with nefarious intent. While we can craft routines that automate entire business intelligence applications and span thousands of lines of code, it only takes a single line of correctly crafted code to render a system unusable. Not wanting to completely remove the functionality and benefits of automation, Microsoft has been left the difficult task of balancing the two sides of this coin: giving developers the access they need while protecting users from those with ill intentions. It is a difficult balance to strike, to be sure.

Fortunately, Office 2007 provides several enhancements to the security model that are targeted at both protecting the end user and making the life of the developer easier. Since every dynamic customization that we create requires using a VBA callback, it is imperative that we understand and master the concepts of security in the Office environment. This chapter ...