Microsoft KB Archive/288554

= The Outlook object model exposes custom form passwords =

Article ID: 288554

Article Last Modified on 1/31/2007

-

APPLIES TO


 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Office Outlook 2003
 * Microsoft Outlook 2000 Standard Edition

-



This article was previously published under Q288554







SUMMARY
You can assign a password to an Outlook custom form to prevent users from accessing the form in design mode, but the password is not secure because it can be retrieved using the Outlook object model.



MORE INFORMATION
In all versions of Outlook, the object model exposes a Password property on the FormDescription object. This property contains the text of the password that is assigned to a form. In addition, you can access the text of the Microsoft Visual Basic Scripting Edition (VBScript) code in a form by using the ScriptText property.

Outlook custom form passwords should be considered a deterrent so that typical end users cannot gain access to the design of a form. However, these form passwords cannot guarantee that users will not be able to access information about a form's design. 

WORKAROUND
To work around this problem and to make sure that passwords are more secure in Outlook forms, use one of the following methods:
 * Implement Outlook forms as MAPI forms. MAPI forms are compiled code dynamic-link libraries (DLLs).
 * Use Outlook forms temporarily, until you move passwords into a compiled code DLL that is loaded by the Outlook form.

Additional query words: OutSol OutSol2000 OutSol2002 OutSol2003

Keywords: kbhowto KB288554

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.