The need for ‘read-only’
Now let’s get down to the main topic for this week. Nowadays, Word documents are used very often to send proposals, project plans, research papers, manuscripts and so on. We often want the guarantee that the original document sent should not be editable by the recipient. In addition, we want to ensure that unauthorised persons are not even able to open the document.
Preventing unauthorised access
To ensure that only authorised persons can see the document (open it) you simply put in the Password to Open. This way, before the document is opened, the user is asked to enter a password. More importantly, the document does not display plain text even if it is opened in a raw editor like Notepad. Not many know that assigning a password actually encrypts the contents of the Word file, so that the plain text is not visible within or outside Word.
The programmatic way of doing this while saving the document is:
Activedocument.saveas ,,, “”
Now, after sending the document to the intended recipient, you have to somehow communicate the password. This is easy enough if you regularly communicate with them. In fact, if you regularly exchange confidential documents with specific persons, it is a good idea to predetermine a separate password for communication with each of them.
This simplifies the communication further and does not require you to communicate the password every time you send a document.
Of course, there are better ways of doing this using digital signature technology. But just consider how many documents you send or receive with digital signatures as of today, and then you will understand the elegant utility of my suggestion! Now we have prevented unauthorised access. But what about the additional requirement of even authorised persons not being able to modify the document?
Preventing modification
This is also available as a base feature of Word. You need to specify another password called “Password to modify”. You can enter these passwords from the File - Save As dialog - Tools - Security Options (Office XP dialog. Other versions have a different set of menus but the password options are still available). Here is how the dialog looks.
Now when you enter the password for modification and save the document, the user needs to enter two passwords while opening the file. Once for opening the file and another if modifications are to be done to the file. If you put a modification password and not inform the customer about this password, the document can only be opened and read by the recipient but not modified. However, there is a major problem in the scheme of things in this case. The code for inserting open as well as modify password is:
Activedocument.saveas,,, “ ,,” _
The problem
When you do not have password to modify, you can choose the Open Read Only button from the password entry dialog.
Now the document opens and displays (Read-Only) in the title bar. But to your surprise, you can still modify the document! When you try to save it, the document forces you to save it as a different file name. If you try to save it using the same file name, it will generate an error, stating that the file is read-only.
I would say, this feature does not serve the purpose of making a document read-only at all. Why do we want the document read-only? We really want it to become non-editable.
Moreover, we do not even want the chance that the user can use Select All - Copy and then paste the entire content of your document into another document and peacefully save it!
S(he) can of course print it for reference. Some customers have even gone to the extent of saying that even the Print Screen key should not work! This is rather extreme. But believe me, with some clever programming, even this need can be satisfied. Anyway, that would be the topic for another article. For now, let us find a way of achieving a truly read-only, non-editable and non-cut-pastable(!) document in Word. This would be a great achievement in itself.
The trick and the solution
The solution to this problem is not very obvious. In fact, I have not come across any documentation which specifies the usage as is mentioned in this article. I myself found this feature while trying to do something else. Now let us come to the solution. First I will simply give the steps to achieve the desired protection. Then I will explain it.
To make a Word document really read-only follow these steps.
1. Write the document as usual.
2. When you finish writing the document, save it. Now save it as another document to make a copy of the original document. Why so? Read on to find out!
3. Move your cursor to the end of the document.
4. From Tools menu, choose Customise. A dialog appears listing available toolbars. If it is not already selected, choose the Forms toolbar by enabling the checkbox next to it. Click on close button.
5. Now you will see the Forms Toolbar.
6. This toolbar allows you to make fill-in-the-blanks type of forms within a word document. We will not go into the details of these types of forms in this article. But for now, just click on the first toolbar button from left (where ab is written). The tool tip for this button is “Text form field”.
7. Now at the cursor a small grey patch will appear. This is the text entry form field.
8. Double click on this grey patch. A dialog will appear. In this dialog, clear the check box labelled “Fill-in enabled”. Close the dialog by a click on the Ok button.
9. The grey area will continue to appear. To remove the grey shading, click on the Form Field Shading button on the toolbar. Now the grey shading will disappear. In effect, the field is no longer noticeable.
10. Now all that you need to do is to protect the document. To do this, choose Tools - Protect Document... menu option. Another dialog appears.
11. Choose the Forms option and enter a password and choose Ok button. You will be asked to re-enter the password with a detailed warning. Take the warning seriously. Believe me, you yourself cannot edit the document if you forget the password! Now you know why I asked you to save the original document with protection. In case you forget the protection password (which all of us do very efficiently time and again ), you have a safe editable copy at hand!
12. Now, in order to prevent unauthorised access, choose File-Save As option and Select Tools - Security options tab to enter the regular Password to Open. This password should be different than the form protection password you entered earlier. The password to open will need to be communicated to the intended recipient. So the document protection password should be different.
13. Now save and close the document.
Nothing great seems to have happened yet. Actually it has, but it is not apparent. To see the magic, follow these steps:
1. Open the document.
2. Enter the password to open. The document opens as usual. Contents are seen.
3. Now try editing the document. Sorry, you can’t.
4. Try highlighting the text. No luck
5. Try select all from Edit menu, sorry again. The option is disabled!
6. Try all the things you can think of to select and copy the text. Sorry. Nothing works.
7. Try the Save As option. While saving as, you can of course remove the Password to open. But that is your risk because, you are making the document prone to unauthorised use. But yes, in our quest to make the document editable, let us try that also. Remove the Open password. Save it as another document.
8. Open this newly saved document and again try to select/copy the text. Sorry sir. Does not work.
Now, of course we are all techies, we know programming. We know the Word object model. So let us try to get the text programmatically. Incidentally, the simplest way to get all the text in the document and paste it into another document is as follows. Assume that there are two documents open. One document contains text (filled.doc) and another document is blank (blank.doc)
Here is the code to get all the text from filled.doc into blank.doc documents(“blank.doc”).range.Text = _ documents(“filled.doc”).Range.Text
Simple and effective, isn’t it.
Now with this knowledge, try to do the same with the protected document. Let us say our protected document was called “safe.doc”. Open the safe.doc and try the following code.
documents(“blank.doc”).range.Text = _
documents(“safe.doc”).Range.Text
Now, you are almost sure it would work. Tough luck! You get a very nice error as shown below.
The only way to duplicate this document and make changes to it is to visually see the original document and re-type all the text and formatting! Of course this can be done but it is so much more difficult now!
The technology behind the trick
The technology lies in the fill-in-the-blanks form fields of Word. When you have a form that has a fixed layout and content and some variable data entry, like say a Leave Request Form, you use the form fields. Now in order to make sure that end users enter only the form field data and not change the base form text, you have to protect the document using a password. That is what we did. However, we did not want to use the form field at all. It was a dummy field. So we disabled the fill-in feature of the form field (the grey coloured text box). Now nothing is editable in the document. And that is why all the features related to editing—typing, cut, paste, select all, mouse based text selection—were disabled. So we achieved our purpose effectively.
Lessons to be learned
- Exploring features is a great method of enriching knowledge.
- It requires great amount of thoughtful design effort to make features work effectively.
- If you are providing programmatic access to your application functionality, the same restrictions that are applied to menus must be applied to programmatic usage.
- Effective usage of a simple feature can lead to great value. Even companies that regularly use digital signatures and various other sophisticated methods for secure document interchange can still use lots of unprotected documents. This trick is usable by anyone who has Word.
- Apart from obvious usage of a feature, innovative thinking can lead to additional usage scenarios. The only method of unearthing these scenarios is curiosity coupled with knowledge.
No comments:
Post a Comment