1

To avoid database bloat, I often create temporary databases to store working data tables. I'd like to create these files in the user's %TEMP% folder. However, if I do that Access presents the following dialog to the user:

A potential security concern has been identified.

File path: C:\Users\JDoe\AppData\Local\Temp\TempDb\temp_001.mdb

Do you want to open this file or cancel the operation?

If I try adding this folder (or any subfolder of the %TEMP% folder) to Trusted Locations, I get the following error message:

The path you are using is not a valid location or cannot be used as a Trusted location for security reasons; please check the path you have typed or choose another location or a specific folder.

Is there a workaround for this? I understand the reasoning behind disallowing the %TEMP% folder as a trusted location. I just feel like I'm stuck in a catch-22.

mwolfe02
  • 23,787
  • 9
  • 91
  • 161
  • My current workaround is to save the temporary db in the application path (i.e., the same path as the mdb/accdb that I am running). The problem is that occasionally the temporary files are not cleaned up properly (e.g., if the user manually kills the msaccess.exe process) and tend to accumulate. Besides, these are temporary files and should be stored as such. – mwolfe02 Dec 12 '16 at 20:49
  • Is this an option? http://stackoverflow.com/questions/29469747/how-to-disable-access-security-notice-a-potential-security-concern-has-been-ide – Rick S Dec 12 '16 at 20:50
  • @RickS: I'm not sure that would work in this specific case. I would need to be able to digitally sign a database that I am creating on the fly. I'm not saying it's impossible, but I've never seen it done. It's an interesting idea, though. – mwolfe02 Dec 12 '16 at 20:55
  • 1
    Found [confirmation](https://blogs.office.com/2006/08/01/trust-center-part-4-trusted-locations/) that the %Temp% folder can't be used as a trusted location: "To further mitigate the risk of 'rogue' Trusted Locations...Office 2007 explicitly blocks certain risky folders, like the Outlook cache for attachments, the Temp folder and others where documents are sometimes temporarily stored and will never trust them." – mwolfe02 Dec 12 '16 at 21:10
  • Could you create a .NET COM library to manage the temp db and call it from Access? Or maybe you could try [this](https://bytes.com/topic/access/answers/692003-access-2007-runtime-security-issue#post2752405)? – Rick S Dec 12 '16 at 21:30
  • @RickS: I did try adding the location to the registry in code. It didn't work because Access (actually all Office apps) has a hard restriction that does not allow any trusted locations within the Temp folder. And the .NET COM idea is creative, but more effort than I want to put into this. Thanks for the ideas. – mwolfe02 Dec 12 '16 at 21:47

1 Answers1

2

My suggestion: keep using the application path.

And in your startup code, delete all temp files, e.g.

Kill CurrentProject.Path & "\temp_*.mdb"

So any rogue files are removed when the application is run the next time.

Andre
  • 26,751
  • 7
  • 36
  • 80
  • Based on the confirmation that the %Temp% folder can't be used as a Trusted Location (see comment in question itself), I'd already circled back to this as the best workaround. Glad to see someone else come to the same conclusion. "Great minds" and all that... – mwolfe02 Dec 12 '16 at 21:44