Security concerns hosting

Hi,

i was wondering if there are any security items i should be aware of when i use the aspose.cells in a hosted environment. The users can upload a excelsheet to have their own custom calculations on the website.

i thought about disabling the macro functionality, dataconnections and references to other workbooks.

Are you aware of any other functionality that could pose a security issue when using excel as calculation engine?

Kind regards
Frans

@Pietswieb,

Thanks for your query.

We have discussed this matter in detail and observed that you have already addressed all the possible vulnerabilities. You may please disable all the mentioned items and share if any issue is observed after these steps.

HI is there a way to easily detect external references from the code(c#) ? And i came across xla add-ins… do these fall under the category external references as well?

kind regards
Frans

@Pietswieb,

You can detect external references with Workbook.HasExernalLinks Method. Moreover, XLA add-ins might have external references but they could not be detected or disabled by the API. If you are able to perform this with MS Excel then share the information so that we can investigate further.

i will do so…

thanks for the response…

@Pietswieb,

You are welcome.

You have a very interesting question. It is quite difficult to achieve security in hosting, I personally had a big problem that my system was very often loaded and forced to break and not start again. My hosting provider explained to me that my opponents in the field of trade can do this, so there is nothing wrong with your Aspose.Cells. I once read something about their use in a blog that I constantly use in order to study important issues for me. Maybe you, too, can somehow use this site 28Msec in order to make sure that some of the statements are correct. If I were you, I’d rather turn them off so they don’t bother you.

@GLekter,

Workbook.HasExernalLinks will give you Boolean value if the workbook has external references (to data sources). So, you may then use Workbook.RemoveExternalLinks to remove the external links. Similarly, you may first evaluate if a workbook has macros/vba codes via Workbook.HasMacro attribute, so you can remove the vba codes/macros via Workbook.RemoveMacro method.

Let us know if you still have any confusion or issue.

What about the WEBSERVICE() function?
Is there a way to prevent Aspose Cells evaluating this function, and making HTTP requests on behalf of the running process?

@TarasTielkes,

Aspose.Cells does not support to calculate WEBSERVICE() function/formula. But if Aspose.Cells supports some MS Excel function which does extract some external data, it won’t put any restriction upon that function/formula, so it will function/behave like MS Excel.