The evaluation of expressions is a behavior that is
desirable in many circumstances. However, if part of the expression contains a
Shell command, the Shell command is parsed and then executed on the computer.
You can use Sandbox mode to block such operations. However, the
default for Jet 4.0 Sandbox mode is not to enable Sandbox mode for queries that
are run in Microsoft Access. Sandbox mode is enabled for all other non-Access
applications, such as Open Database Connectivity (ODBC).
Understand how to enable or how to disable
Sandbox mode
Warning If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using Registry
Editor incorrectly. Use Registry Editor at your own
risk.
You can enable Sandbox mode for non-Access
applications. To do this, you must install Microsoft Jet 4.0 Service Pack 3
(SP3) or later. After you install this update, the next time that you run Jet a
new registry key is added to the registry. This new registry key prevents this
type of possible security risk. The following is the registry key that is
added:
\\HKEY_LOCAL_MACHINE\Software\Microsoft\Jet\4.0\engines\SandboxMode
For additional information about how to obtain the latest
Jet 4.0 Service Pack, click the following article number to view the article in
the Microsoft Knowledge Base:
239114
How to obtain the latest service pack for the Microsoft Jet 4.0 Database Engine
To make your system more
resistant to malicious attacks, and at the same time make it possible for older
applications to keep running, the operation of Sandbox mode changed in Jet 4.0
Service Pack 8 so that Sandbox mode is completely under your control.
You can set the key to the following values, with 0 (zero) being the most
permissive and 3 being the least permissive:
| Setting | Description |
|---|
| 0 | Sandbox mode is disabled at all times. |
| 1 | Sandbox mode is used for Access applications, but
not for non-Access Applications. |
| 2 | Sandbox mode is used for non-Access applications,
but not for Access Applications. This is the default value. |
| 3 | Sandbox mode is used at all times. |
After you enable Sandbox mode, and then you try to use the
unsafe Visual Basic for Applications functions in a Jet 4.0 query, you receive
the following error message:
Undefined function
'functionname' in expression
Implement Sandbox mode
operations
How you can implement Sandbox mode is extended in Jet 4.0 Service
Pack 8 to be more compatible with Access databases. Previous implementations of
Sandbox mode were too restrictive for most Access applications. Starting with
Jet 4.0 Service Pack 8, the enhanced Sandbox mode continues to block unsafe
Visual Basic for Applications functions, but Jet 4.0 Service Pack 8 now permits
the execution of user-defined functions.
Use Sandbox mode operations with Jet 4.0 Service Pack 3 and later
You can use the following list of functions in Jet queries when
Sandbox mode is enabled. Any functions that do not appear in the list are not
available in Sandbox mode.
| ABS | array | ASC | ASCB |
ASCW | ATN |
| CBOOL | CBYTE | CCUR | CDATE |
CDBL | choose |
| CHR | CHR$ | CHRB | CHRB$ |
CHRW | CHRW$ |
| CINT | CLNG | COS | CSNG |
CSTR | CVAR |
| CvDate | CVErr | date | DATE$ |
DATEADD | dateDiff |
| datePart | DATESERIAL | DATEVALUE |
day | DDB | error |
| error$ | EXP | fix | format |
format$ | fv |
| hex | hex$ | HOUR | IIF |
IMEStatus | inStr |
| INT | IPMT | IRR | isDate |
isEmpty | ISERROR |
| isNull | isNumeric | isObject |
lCase | lCase$ | LEFT |
| LEFT$ | LEFTB | LEFTB$ | LEN |
LENB | LOG |
| lTrim | lTrim$ | MID | MID$ |
MIDB | MIDB$ |
| MINUTE | MIRR | MONTH | NOW |
NPER | NPV |
| oct | oct$ | partition | PMT |
PPMT | PV |
| QBColor | RATE | RGB | RIGHT |
RIGHT$ | RIGHTB |
| RIGHTB$ | rnd | round | rTrim |
rTrim$ | SECOND |
| sgn | SIN | SLN | space |
space$ | sqr |
| str | str$ | strComp | strConv |
string | string$ |
| switch | SYD | TAN | TIME |
TIME$ | timer |
| timeSerial | TIMEVALUE | TRIM |
TRIM$ | typeName | uCase |
| uCase$ | val | varType |
WEEKDAY | YEAR |
Understand Visual Basic for Applications functions that cause errors when called from a Jet query or an Access property when using Jet 4.0 Service Pack 8
The following Visual Basic for Applications functions will cause
an error when the functions are called from an expression in a Jet query or
from an Access property:
| AppActivate | Beep | Calendar | CallByName | ChDir |
| ChDrive | Command | Command$ | CreateObject | CurDir |
| CurDir$ | DeleteSetting | DoEvents | Environ | Environ$ |
| EOF | Err | FileAttr | FileCopy | FileDateTime |
| FileLen | FreeFile | GetAllSettings | GetAttr | GetObject |
| GetSetting | Input | Input$ | InputB | InputB$ |
| Kill | Load | Loc | LOF | Randomize |
| Reset | SaveSetting | Seek | SendKeys | SetAttr |
| Shell | Spc | Tab | Unload | UserForms |
| Width | | | | |