Greg Enslow, president of 3Sharp LLC, recently spoke to SearchVB.com about the ins and outs of VSTO 2005, which is currently available in beta format and works with Office 2003 as well as the 2005 update.
Like its VBA predecessor, VSTO lets developers customize features for Office applications, mainly Word and Excel.These can be as simple as a button on the application's Command bar or as complex as an expense report template with access to back-end databases.Once a user's applications recognize these features, they are always available, even if the user is offline.
But VBA had its limits, not least a lack of security."It really didn't have a strong mechanism for protecting the code," Enslow
said."Often people didn't even set the password.A malicious password could take the code that you worked on and ,which, has your name on it, add some malicious aspects and deploy the code."
To combat this, VSTO relies on the .NET framework for true security.It also uses .NET Code Access Security.By default, this is set at "full trust" on the developer's machine but needs a .NET framework, an MSI (which stands for Windows installer) or a group policy before it can be deployed on users' machines, Enslow
said.A framework is fine for a few users, while MSIs cover a larger audience and group policies allow developers to create specific rules.
Other additions to VSTO 2005 include the ability to deploy data cache sets into offline documents, support for typed datasets and a .NET host wrapper for native Office controls like bookmarks and XML notes, Enslow