Description of security considerations and privacy considerations for forms that you create in Office InfoPath 2003 Service Pack 1 (867443)


The information in this article applies to:

  • Microsoft Office InfoPath 2003, Service Pack 1 (SP1)

SUMMARY

This article describes security considerations and privacy considerations for forms that you create in Microsoft Office InfoPath 2003 Service Pack 1.

MORE INFORMATION

Office InfoPath 2003 Service Pack 1 lets you create custom forms. The custom forms can do the following:
  • Specify the printer that a form is printed to
  • Add a data connection to a database table
  • Add a data connection to a Web service
Security considerations and privacy considerations that you should consider when you create a form in InfoPath 2003 Service Pack 1 follow:
  • Specify the printer that a form is printed to

    InfoPath 2003 Service Pack 1 lets you specify the printer that a form is printed to. When you create a form and you specify the printer that a form is printed to, you must consider the following security considerations and privacy considerations:
    • When you enter sensitive information in a form and then you print the form, the data may be sent to a public printer. When you do this, other people can view the private information.
    • The printer name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the printer and the network from the information that is contained in the .xsn file.
  • Add a data connection to a database table

    InfoPath 2003 Service Pack 1 lets you add a data connection to a database table. When you create a form and you add a connection to the database table, you must consider the following security considerations and privacy considerations:
    • When you create a form and you add a connection to a database table, the database server name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the database server name from the information that is contained in the .xsn file. Internal network information may be revealed.
    • You may create a form that connects to a database by providing a username and a password. You do this instead of using Integrated Windows Authentication. The username and the password are stored in the Manifest.xsf file. The Manifest.xsf file is stored in the .xsn form template file. An experienced user may be able to access the username and the password from the information that is contained in the .xsn file. Sensitive user information may be revealed.

      Note An InfoPath Warning dialog box warns that this is not a safe connection method.

  • Add a data connection to a Web service

    InfoPath 2003 Service Pack 1 lets you add a data connection to a Web service. When you create a form and you add a data connection to a Web service, you must consider the following security consideration and privacy consideration:

    When you add a Web service to a form, the internal Web server name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the internal server name from the information that is contained in the .xsn file.

REFERENCES

For additional information about InfoPath 2003, visit the following Microsoft Web site.

http://www.microsoft.com/office/infopath/prodinfo/default.mspx

Modification Type:MajorLast Reviewed:2/22/2005
Keywords:kbtshoot kbinfo kbBug KB867443 kbAudDeveloper kbAudEndUser
©2004 Microsoft Corporation. All rights reserved.