|
Vladim?r Klaus
Guest
|
Hello,
I've created my first simple add-in for Outlook.
In dialog there is one button with (simplified):
Outlook := TOutlookApplication.Create(nil);
IFolder := Outlook.GetNamespace('MAPI').GetDefaultFolder(olFolderInbox);
IMail := IFolder.Items.Item(1) as MailItem;
if Assigned(IMail) then begin
cxMemo1.Lines.Text:=IMail.Subject;
end;
And this works without any Security dialog. Why?
Vladim?r |
|
Posted 03 Mar, 2014 09:06:18
|
|
Top
|
|
Andrei Smolin
Add-in Express team
Posts: 18791
Joined: 2006-05-11
|
|
Posted 03 Mar, 2014 09:28:23
|
|
Top
|
|
Vladim?r Klaus
Guest
|
Hello Andrei,
I use Windows 7 64bit & Office 2010 32bit & MS Security Essentials... and everything is up to date.
When I run your test app (outlook-security-manager-samples.zip\VCL\Simple\) it works perfectly. It shows or doesn't show security warning.
But why your another components "ignores" this and always work without any security warning?
Sorry for this stupid question but I use your components only a few hours.
Vladim?r |
|
Posted 03 Mar, 2014 11:45:55
|
|
Top
|
|
Andrei Smolin
Add-in Express team
Posts: 18791
Joined: 2006-05-11
|
Hi Vladim?r,
Two scenarios are possible:
- the other application doesn't use protected properties/methods
- you start the other application right after you test the sample project switching security warnings off
Andrei Smolin
Add-in Express Team Leader |
|
Posted 04 Mar, 2014 01:11:07
|
|
Top
|
|
Vladim?r Klaus
Guest
|
Hello Andrei,
I try to explain in different words. :-)
1) The first app is created in Delphi + your Security Manager (it is your example app). And I can switch security on/off. Everything works perfectly, exactly as expected.
2) The second one is Outlook add-in created in Delphi and without Security Manager. There is one function which is exactly the same as in 1) but there is no line with "OlSecurityManager1.DisableOOMWarnings := True;". And this function works without security warning. AT ANY TIME! After Outlook restart, after Windows Restart...
Does it mean your add-in component(s) removes this protection automatically?
Vladim?r |
|
Posted 04 Mar, 2014 03:34:07
|
|
Top
|
|
Andrei Smolin
Add-in Express team
Posts: 18791
Joined: 2006-05-11
|
Vladim?r,
Add-in? It does make the difference!
In that article (see the link above) they state:
In-process Outlook add-ins run in the process of the host Outlook program. In-process COM add-ins in Outlook are trusted by default. These COM add-ins are registered on the list of trusted applications by the client computer's administrator, and must use the Application object that is passed to the OnConnection event of the add-in. Note that if you create a new Application object by using the CreateObject method, that object and any of its subordinate objects, properties, and methods are not trusted.
In other words, it is sufficient for the add-in to use the Outlook.Application object which it is given at startup (specifically, in the IDTExtensibility2.OnConnection method). In Add-in Express, that Outlook.Application object is accessible via the OutlookApp property of the add-in module.
In addition to what they explain about getting security warnings when using an untrusted Outlook.Application, I'd point out this possibility: an Exchange admin can apply some setting generating a security warning when your add-in (or standalone application) accesses Namespace.CurrentUser in code. This security warning can be avoided only by using Security Manager.
Andrei Smolin
Add-in Express Team Leader |
|
Posted 04 Mar, 2014 03:52:52
|
|
Top
|
|
Vladim?r Klaus
Guest
|
Hello Andrei,
oh yes, add-in! I wrote it at the first line of this discussion :-)
Thank you very much for excelent explanation! I suppose I will use your Security Manager in every place. For sure.
Have a nice weekend.
Vladim?r |
|
Posted 07 Mar, 2014 04:25:36
|
|
Top
|
|
Andrei Smolin
Add-in Express team
Posts: 18791
Joined: 2006-05-11
|
Ah! That was my fault!
Have a nice weekend, too! ))
Andrei Smolin
Add-in Express Team Leader |
|
Posted 07 Mar, 2014 05:54:13
|
|
Top
|
|