If you don’t see an answer to your question about Xwa, please contact us.
Select a question to expand it to show its answer. When you’re finished reading the answer, you can select the question again to make the answer disappear.
What can I do with Xwa? Above all, with Xmart Web Api you can: 1. Connect VBA to databases without using connection strings In addition, with Xwa you don’t have to know how to program databases. For instance, ORM tools can generate this syntax for you. Therefore, you can focus on developing dashboards, reports and other important parts of Office application. To whom is Xwa dedicated? Tons of software has been written using VBA and Microsoft Office. Banks, insurance companies and any other large enterprises are still actively using their Office VBA solutions. At some point these files expose connection strings with makes them highly insecure. Documents might leak, with usually leads to disastrous results. For example, ransomware can encrypt data and block access to it unless a ransom is paid. And that’s just one scenario. Xmart Web Api can prevent that, because with Xwa secrets are never exposed. Xmart Web Api can make your life easier, because you will control usage of your applications. In order to use your application, users need to activate licenses. In addition, this also improves documents workflow security, because application prepared with Xwa is unusable when api is not installed or license is not active. With Xwa you can easily move your VBA solutions to the cloud. Therefore, your users may use application at any time. This allows for live dashboards data and highly actual raptors on demand. Do users have to install/download anything? No. User distribution can be simply done using Office documents. User gets a document, opens it and the whole process is automated from that point. Installation is done per user, so no system administrator is involved. This greatly improves distribution process and allows for always up-to-date deployments. If needed, installation can also be authorized. In that case, user is prompted for admin credentials. It improves security but requires system admin involvement. With Office versions are supported? Xwa is compatible with these Microsoft Office for Windows versions: In addition, Xwa works on these versions, but they are not officially supported: With database systems are supported? Xwa currently supports these database systems: Caution: when using Microsoft SQL Server in cloud scenarios, the minimum version should be 2008 SP4, because it’s the earliest version that supports the TLS 1.2 protocol. The support for below database systems is under development: Other systems that are currently prioritized: Oracle, PostgreSQL. Where are connection strings kept? There are two options: This service provides database connections on VBA’s demand. Values are kept on server, encrypted with custom secrets. Because passwords are on developer’s side, it is 100% safe to use service instance hosted by X-mart. However, it is also possible to host Key Vault Service in your company’s network. Recommended for cloud based solutions and intranets. Xwa technology allows to embed encrypted connection strings directly into the Office file structure. In other words, connection strings can be encrypted inside Office document. Since this option never requires internet (or intranet) access, it is recommended for offline solutions. Either way, connection strings are never exposed to VBA or anywhere on Office document. See How it works for working example. How is my data protected? See How it works for working example. Hybrid data encryption approach is used for best possible cryptographic effect on any sensitive data that requires protection. Connection strings can be kept on server using Key Vault Service. For more information, please expand the “Where are connection strings kept” node. Any data that is exchanged with database can be additionally encrypted in TLS tunnel. Data server has to be configured with SSL certificate, with greatly increases security. All data sources used in cloud scenarios should use TLS. Client requests can be additionally validated with optional JWT or custom tokens. For instance, database can decide if client request should be processed or not. With Xwa, VbaProject can be guarded against any unprotection attempts and/or code changes. Therefore, an attempt to unprotect or edit post-published code will result in faulted state, in with application is unusable. Office solutions based on Xwa will only work on workstations that were previously validated with licensing system. In other words, user’s computer must pass a one-time license activation. Office documents that use Xwa will only work on activated licenses. Both license activation and update requires internet access. Developer can decide with workstations can use certain connections. This allows to create applications with will work only for certain customers. If database system is supported by Xwa, you can use all of it’s native security system. This means that in addition to above security layers, you can setup your database to be maximally secured. For example, you can use standard security or trusted connections (active directory) in Microsoft Sql Server. What are licensing options? Every Xwa application requires a license. License can be granted for a certain amount of time and must be activated. In order do activate, customer needs to input credentials (can be automated). Once activated, a license is bound with its host computer and can be only used there. Usage time can be changed in any moment. Both license activation and its update require access to the internet. When granted time passes, application cannot be used and will not run. Any attempt to break a license, including system time manipulations, will occur in locking the license. Licensing system guarantees that only validated users will use applications prepared with Xwa. In conclusion, it allows for commercial distribution and also for strict control of who uses company’s documents. Can users share Office files? Generally no, but – as always – it depends: No – Office applications prepared with Xwa can only be used on workstations with active licenses. Therefore, if user’s computer doesn’t have Xwa installed and activated, Office application will be unusable. Yes – if two workstations have active Xwa licenses, they can share the same Xwa application. However, developer can restrict usage for certain customers. This means that even when user has valid license, application can be used only if it is exclusive. Application usage can also be restricted with tokens – see “how is my data protected” node for more information.
2. Generate VBA code from SQL and SQL code from Office objects using ORM
3. Commercially distribute Office files with licensing system
4. Strictly control who and when is using your solutions
5. Upload and download files with cloud storage
6. Send emails and text messages from VBA without exposing api secrets
7. Guard VbaProject against post-publish edit and unprotection attempts
8. Automate database installs and updates
9. Use other api features, such as asynchronous operations, serial port connections, media playback etc.
10. Save time generating data access layers
11. Quickly integrate existing solutions making them safer to use * Companies that use VBA solutions and should secure their applications and document workflows
* Individual developers that use Office and VBA
* Anyone who uses VBA for reading and writing data from/to SQL databases
1. Key Vault Service
2. Encrypted block in Office file structure
Of course you can also use this approach in cloud or any other solution – your database connections don’t have to be depended on any service.1. Connection strings (and any other secrets) are never exposed in VBA code or in Office documents
Effect: in contrast to classic VBA, nobody can see vulnerable data – even in unprotected documents.2. Hybrid data encryption
Effect: there are no applications that can read data with is encrypted that way.3. Server-side connection storage with Key Vault Service
Effect: connection strings are even more secure, because server can only be accessed by data administrator (above all, recommended in cloud scenarios).4. Encrypted database connections with SSL/Tls 1.2 (ready for Tls 1.3)
Effect: additional data protection – it is impossible to read data without proper SSL certificate.5. Possible token validation
Effect: extra protection logic with allows for custom client validations.6. Vba project protection
Effect: guarantees that once published, application code stays intact.7. Protection by licensing system
Effect: user needs a valid license to use Office application prepared with Xwa.8. Possibility to restrict connection usage only to certain workstations
Effect: even when workstation’s license is valid, application can by used only by exclusive customers.9. Native database security
Effect: Xmart Web Api is fully compatible with database system’s security settings.