
I'm working on an Excel tool that needs to synchronize with a CRM via its API. The CRM's API authentication process involves logging in with a username and password, after which a session key is provided for subsequent API calls.

My primary concern is about securely handling this session key:

Authentication:

How can I securely store and manage the session key within Excel after it's retrieved? Are there established best practices or methods for handling session keys in Excel to ensure they aren't exposed or misused?

Development:

I'm considering using VBA within Excel for this task. Are there any inherent security risks or limitations with VBA in this context? Alternatively, would an external Excel add-in provide better security features for this purpose?

Data Integrity:

Given that users have flexibility within Excel, what measures can I implement to ensure data integrity when syncing with the CRM?

I'm looking for technical solutions or established best practices to address these concerns. Any references or documentation would be greatly appreciated.

  • What is your threat model? Commented Oct 12, 2023 at 11:38
  • Mainly afraid of someone getting their hands on the Excel file and being able to connect to the CRM or get the credentials/API key. Commented Oct 12, 2023 at 12:37
  • By "someone", you mean a user of the Excel tool? Someone who has already access to the Excel file and is allowed to sync with the CRM? Do you fear there is anything an authorized user of the tool could do which is not allowed for them, in case they take the session key and use it in context with a different program? Commented Oct 12, 2023 at 13:56
  • I thought enabling VBA was inherently a security risk which is why VBA macros are disabled by default. Would this require enabling VBA, or is there some other way to provide your functionality? Commented Oct 12, 2023 at 18:34
  • @Craig: sure, but programs written in other programming languages are also not immune against reverse engineering. And for VBA programs, one can also choose to protect the source code by a password. So I fail to see why a VBA program should introduce a higher security risk for the problem of handling the session key than something else which runs in the same environment and the same execution rights. Commented Oct 14, 2023 at 8:48
