Microsoft KB Archive/867443

= Description of security considerations and privacy considerations for forms that you create in Office InfoPath =

Article ID: 867443

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Office InfoPath 2007
 * Microsoft Office InfoPath 2003, Service Pack 1 (SP1)

-





SUMMARY
This article describes security considerations and privacy considerations for forms that you create in Microsoft Office InfoPath 2007 on in Microsoft Office InfoPath 2003 Service Pack 1.



MORE INFORMATION
InfoPath 2007 and Office InfoPath 2003 Service Pack 1 let you create custom forms. The custom forms can do the following:
 * Specify the printer that a form is printed to
 * Add a data connection to a database table
 * Add a data connection to a Web service

Security considerations and privacy considerations that you should consider when you create a form in InfoPath follow:  Specify the printer that a form is printed to

InfoPath lets you specify the printer that a form is printed to. When you create a form and you specify the printer that a form is printed to, you must consider the following security considerations and privacy considerations:  When you enter sensitive information in a form and then you print the form, the data may be sent to a public printer. When you do this, other people can view the private information. The printer name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the printer and the network from the information that is contained in the .xsn file.  Add a data connection to a database table

InfoPath lets you add a data connection to a database table. When you create a form and you add a connection to the database table, you must consider the following security considerations and privacy considerations:  When you create a form and you add a connection to a database table, the database server name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the database server name from the information that is contained in the .xsn file. Internal network information may be revealed. You may create a form that connects to a database by providing a username and a password. You do this instead of using Integrated Windows Authentication. The username and the password are stored in the Manifest.xsf file. The Manifest.xsf file is stored in the .xsn form template file. An experienced user may be able to access the username and the password from the information that is contained in the .xsn file. Sensitive user information may be revealed.

Note An InfoPath Warning dialog box warns that this is not a safe connection method.

</li></ul> </li> Add a data connection to a Web service

InfoPath lets you add a data connection to a Web service. When you create a form and you add a data connection to a Web service, you must consider the following security consideration and privacy consideration:

When you add a Web service to a form, the internal Web server name is stored in the Manifest.xsf file. The Manifest.xsf file is in the .xsn form template file. An experienced user may be able to access the internal server name from the information that is contained in the .xsn file.</li></ul>

<div class="references_section">