Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Description of security considerations and privacy considerations for forms that you create in Office InfoPath


View products that this article applies to.

Summary

This article describes security considerations and privacy considerations for forms that you create in Microsoft Office InfoPath 2007 on in Microsoft Office InfoPath 2003 Service Pack 1.

↑ Back to the top


More information

InfoPath 2007 and Office InfoPath 2003 Service Pack 1 let you create custom forms. The custom forms can do the following:
  • Specify the printer that a form is printed to
  • Add a data connection to a database table
  • Add a data connection to a Web service
Security considerations and privacy considerations that you should consider when you create a form in InfoPath follow:
  • Specify the printer that a form is printed to

    InfoPath lets you specify the printer that a form is printed to. When you create a form and you specify the printer that a form is printed to, you must consider the following security considerations and privacy considerations:
    • When you enter sensitive information in a form and then you print the form, the data may be sent to a public printer. When you do this, other people can view the private information.
    • The printer name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the printer and the network from the information that is contained in the .xsn file.
  • Add a data connection to a database table

    InfoPath lets you add a data connection to a database table. When you create a form and you add a connection to the database table, you must consider the following security considerations and privacy considerations:
    • When you create a form and you add a connection to a database table, the database server name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the database server name from the information that is contained in the .xsn file. Internal network information may be revealed.
    • You may create a form that connects to a database by providing a username and a password. You do this instead of using Integrated Windows Authentication. The username and the password are stored in the Manifest.xsf file. The Manifest.xsf file is stored in the .xsn form template file. An experienced user may be able to access the username and the password from the information that is contained in the .xsn file. Sensitive user information may be revealed.

      Note An InfoPath Warning dialog box warns that this is not a safe connection method.
  • Add a data connection to a Web service

    InfoPath lets you add a data connection to a Web service. When you create a form and you add a data connection to a Web service, you must consider the following security consideration and privacy consideration:

    When you add a Web service to a form, the internal Web server name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the internal server name from the information that is contained in the .xsn file.

↑ Back to the top


References

For additional information about InfoPath, visit the following Microsoft Web site.

↑ Back to the top


Keywords: KB867443, kbbug, kbtshoot

↑ Back to the top

Article Info
Article ID : 867443
Revision : 4
Created on : 12/4/2007
Published on : 12/4/2007
Exists online : False
Views : 360