VBA 密码保护

Question

是否有一种方法可以保护 VBA 密码保护免受此类破解:

Is there a way to crack the password on an Excel VBA Project?

或者这个:

https://superuser.com/questions/807926/how-to-bypass-the-vba-project-password-from-excel

我确实需要增强 VBA 代码的安全性，因为它包含敏感的 SQL 数据!

谢谢

Answer 1

不幸的是，你的问题的答案是否定的。没有任何 Excel 密码是完全安全的。

但是，如果您的数据传输工具必须是 Excel，并且您正在尝试混淆 SQL 连接字符串(听起来您的问题就是这种情况)，那么有关在 Excel 中混淆 SQL 连接字符串的文章将会有所帮助。虽然密码最终可以被逆向工程，但它不能作为连接字符串中的纯文本读取，并且需要一定程度的理智来逆向工程。

链接此处并完全归功于@Ruddles:https://www.mrexcel.com/forum/excel-questions/512040-data-connector-hide-password.html

考虑到 future 可能出现的死链接，我冒昧地调换了以下信息:

来自网站:

You process the password through a bit of VBA which converts it into a completely different string. You can then hard-code the string into your VBA because if anyone sees it, they won't be able to use it because it's not the real password. Then when you need to use the password in your code, you run it through the reverse process and that returns the original string.

You can make the code as simple or as complex as you wish - but if someone sees the code they may have enough knowledge to reverse-engineer the process and recover the password. It doesn't really encrypt, it just adds an extra hurdle for people to overcome if they want to access it illicitly. On the other hand, it may satisfy your ndatabase security gurus!

Try this: create a new workbook and open the VBE (Alt-F11), then go Insert > Module. paste this code in the code window:-

代码:

Function Obfusc(oWord As String, nCrypt As Boolean) As String

  Dim iPtr As Integer
  Dim iByte As Byte

  For iPtr = 1 To Len(oWord)
    If nCrypt Then
      iByte = Asc(Mid(oWord, iPtr, 1)) + 99 + iPtr
    Else
      iByte = Asc(Mid(oWord, iPtr, 1)) - 99 - iPtr
    End If
    Obfusc = Obfusc & Chr(iByte)
  Next iPtr

End Function

(这是一个极其简单的例程 - 您可能想让它变得更复杂!)

在立即窗口中 (Ctrl-R) 输入 ?obfusc("MerryXmas#2010",true) 并按 Enter。这将返回 "Hello World!" 的模糊版本，即 "±ÊØÙáÁ×Ìß Ÿ¡¡"。

现在输入 ?obfusc("±ÊØÙáÁ×Ìß Ÿ¡",false) 并按 Enter 键。 (您可能必须复制并粘贴它!)这将返回原始字符串。

因此在实际使用中，您可以通过键入手动获取混淆后的字符串
?obfusc("MerryXmas#2010",true) 并将混淆后的字符串 "±ÊØÙáÁ×Ìß Ÿ¡¡" 粘贴到您的代码中，如下所示:- 代码:

password = obfusc("¬±ÊØÙáÁ×Ìß Ÿ¡¡",False)
conn_str = "Provider=SQLOLEDB.1;Password=" & password & ";Persist Security Info=True

...等等” 这就是总体思路。

如果你真的想通过混淆来进城，你可以按照这里的“教程”进行操作: How to securely store Connection String details in VBA