The Outlook object model exposes custom form passwords (288554)


The information in this article applies to:

  • Microsoft Outlook 2002
  • Microsoft Office Outlook 2003
  • Microsoft Outlook 2000
This article was previously published under Q288554

SUMMARY

You can assign a password to an Outlook custom form to prevent users from accessing the form in design mode, but the password is not secure because it can be retrieved using the Outlook object model.

MORE INFORMATION

In all versions of Outlook, the object model exposes a Password property on the FormDescription object. This property contains the text of the password that is assigned to a form. In addition, you can access the text of the Microsoft Visual Basic Scripting Edition (VBScript) code in a form by using the ScriptText property.

Outlook custom form passwords should be considered a deterrent so that typical end users cannot gain access to the design of a form. However, these form passwords cannot guarantee that users will not be able to access information about a form's design.

WORKAROUND

To work around this problem and to make sure that passwords are more secure in Outlook forms, use one of the following methods:
  • Implement Outlook forms as MAPI forms. MAPI forms are compiled code dynamic-link libraries (DLLs).
  • Use Outlook forms temporarily, until you move passwords into a compiled code DLL that is loaded by the Outlook form.
Modification Type:MajorLast Reviewed:7/31/2006
Keywords:kbhowto kbSCRAPKeep KB288554
©2004 Microsoft Corporation. All rights reserved.