Description of security considerations and privacy considerations for forms that you create in Office InfoPath

This article describes security considerations and privacy considerations for forms that you create in Microsoft Office InfoPath 2007 on in Microsoft Office InfoPath 2003 Service Pack 1.

MORE INFORMATION

InfoPath 2007 and Office InfoPath 2003 Service Pack 1 let you create custom forms. The custom forms can do the following:

Specify the printer that a form is printed to
Add a data connection to a database table
Add a data connection to a Web service

Security considerations and privacy considerations that you should consider when you create a form in InfoPath follow:

Specify the printer that a form is printed toInfoPath lets you specify the printer that a form is printed to. When you create a form and you specify the printer that a form is printed to, you must consider the following security considerations and privacy considerations:

When you enter sensitive information in a form and then you print the form, the data may be sent to a public printer. When you do this, other people can view the private information.
The printer name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the printer and the network from the information that is contained in the .xsn file.
Add a data connection to a database tableInfoPath lets you add a data connection to a database table. When you create a form and you add a connection to the database table, you must consider the following security considerations and privacy considerations:

When you create a form and you add a connection to a database table, the database server name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the database server name from the information that is contained in the .xsn file. Internal network information may be revealed.
You may create a form that connects to a database by providing a username and a password. You do this instead of using Integrated Windows Authentication. The username and the password are stored in the Manifest.xsf file. The Manifest.xsf file is stored in the .xsn form template file. An experienced user may be able to access the username and the password from the information that is contained in the .xsn file. Sensitive user information may be revealed.Note An InfoPath Warning dialog box warns that this is not a safe connection method.
Add a data connection to a Web serviceInfoPath lets you add a data connection to a Web service. When you create a form and you add a data connection to a Web service, you must consider the following security consideration and privacy consideration:

When you add a Web service to a form, the internal Web server name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the internal server name from the information that is contained in the .xsn file.

——————————————–

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

 


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image