About InfoPath security
The Microsoft Office InfoPath 2003 security model is based on the security model implemented by Microsoft Internet Explorer. The Internet Explorer model involves protecting your computer from unsafe operations by using security zones and levels. InfoPath also allows for other form security measures, including protecting form design, using digital signatures, managing certain form operations such as form merging and submission, and trusting installed forms.
Using Internet Explorer security zones and levels
Internet Explorer implements security zones that allow you to control the level of access given to your computer by the Web sites that you visit. InfoPath uses some of these zones to determine the level of access that forms can have to the resources on your computer. In general, InfoPath forms run in a cached location that is denied access to critical system resources. Forms that are allowed full access to system resources are called trusted forms. Trusted forms are usually installed using an installation program such as Microsoft Windows Installer (MSI) so that they can be granted a higher level of permissions.
Cached forms are identified by a Uniform Resource Locator (URL) or Uniform Resource Name (URN), and the type of identification used determines which Internet Explorer security zone permissions they inherit. Forms identified by a URL are cached to the user’s computer, allowing for offline use of the form. These URL-based forms inherit their security permissions, as well as their specific access rights such as cross-domain access, from the Internet Explorer security settings applicable to the original location of the form template. Usually, form templates stored on a Web server or a server running Microsoft Windows SharePoint Services run in the Internet or Local intranet zone. Cached forms that are identified by a URN, on the other hand, inherit their permissions from the Local Machine zone, which is equivalent to the Trusted sites zone.
Trusted forms are identified by their URN and the requireFullTrust setting in the form definition (.xsf) file. When trusted forms are installed, they appear on the Custom Installed Forms tab in the Forms dialog box, which can be opened by clicking More Forms in the Fill Out a Form task pane.
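The identification rules above can be checked mechanically when reviewing form templates. The following Python script is an added example, not part of the original page or of InfoPath itself: it reads a form definition (.xsf) file and reports how the form is identified and which permissions it would inherit. The schema namespace, the `name` and `publishUrl` attributes, the rule that a `publishUrl` value marks a URL-identified form, and the sample manifests are assumptions made for illustration; only `requireFullTrust` is named on this page.

```python
import xml.etree.ElementTree as ET

# Assumption: namespace of the InfoPath 2003 form definition (.xsf) schema.
XSF_NS = "http://schemas.microsoft.com/office/infopath/2003/solutionDefinition"


def classify_xsf(xsf_text):
    """Return (identification, requests_full_trust, inherited_permissions)."""
    if "<!DOCTYPE" in xsf_text:
        # An .xsf manifest has no need for a DTD; refuse entity tricks.
        raise ValueError("DTD found in form definition; refusing to parse")
    root = ET.fromstring(xsf_text)
    if root.tag != "{%s}xDocumentClass" % XSF_NS:
        raise ValueError("not a form definition file: root is %r" % root.tag)
    name = root.get("name", "")
    publish_url = root.get("publishUrl")  # assumed marker of a URL-based form
    full_trust = root.get("requireFullTrust", "no").lower() == "yes"
    if publish_url:
        # URL-based: permissions come from the zone of the original location.
        return "url", full_trust, "Internet Explorer zone of " + publish_url
    if name.lower().startswith("urn:"):
        # URN-based: trusted only when requireFullTrust is also set.
        perms = "full access (trusted form)" if full_trust else "Local Machine zone"
        return "urn", full_trust, perms
    return "unknown", full_trust, "undetermined"


def _manifest(attrs):
    # Builds a minimal constructed manifest; real .xsf files carry much more.
    return '<xsf:xDocumentClass xmlns:xsf="%s" %s/>' % (XSF_NS, attrs)


# Constructed sample manifests (names and URL are placeholders).
SAMPLES = {
    "url": _manifest('name="urn:example:expense" '
                     'publishUrl="http://intranet.example/forms/expense.xsn"'),
    "urn": _manifest('name="urn:example:timecard"'),
    "trusted": _manifest('name="urn:example:asset" requireFullTrust="yes"'),
    "mismatch": _manifest('name="urn:example:odd" requireFullTrust="yes" '
                          'publishUrl="http://intranet.example/forms/odd.xsn"'),
}


def audit(samples):
    """Classify every manifest in a {label: xsf_text} mapping."""
    return {label: classify_xsf(text) for label, text in samples.items()}


if __name__ == "__main__":
    for label, result in audit(SAMPLES).items():
        print(label, result)
```

A result that pairs `url` identification with a full-trust request, as in the `mismatch` sample, does not match the description of a trusted form above and is worth a manual look.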
InfoPath provides several ways for you to control various aspects of form security. The following list describes each of these form security measures and where they are enabled in InfoPath:
- Form design: The design of your forms can be protected by enabling form protection. When form protection is enabled, users will be unable to modify the form template when filling out a form.
Note: Using this setting does not lock the form completely; it only disables the ability to open a form for design when filling it out. Users can still design a form by opening it directly from design mode, but they will receive a prompt indicating that the form is protected.
You enable form protection by selecting the Enable protection check box on the General tab of the Form Options dialog box, which is available from the Tools menu in design mode.
- Digital signatures: The data contained in a form can be digitally signed to help ensure that its contents are not altered.
You enable a form to use digital signatures by selecting the Allow users to digitally sign this form check box on the Security tab of the Form Options dialog box, which is available from the Tools menu in design mode. Users sign and verify forms by using the Digital Signatures dialog box, which is available from the Tools menu when filling out a form.
- Form merging: You can prevent users from importing data from multiple forms into a single form.
You enable or disable form merging by using the Enable form merging check box on the General tab of the Form Options dialog box, which is available from the Tools menu in design mode. When form merging is disabled, users cannot click Merge Forms on the File menu when filling out a form.
- Form submission: You can prevent users from using form submission.
You enable or disable form submission by using the Submitting Forms dialog box, which is available from the Tools menu in design mode. When form submission is disabled, users cannot click Submit on the File menu when filling out a form.
- Trusting installed forms: The ability to use trusted forms can be enabled or disabled. When form trusting is enabled, users can fill out forms that require access to their computer's resources.
You enable or disable form trusting by using the "Allow forms that I install with a custom setup program to have access to files and settings on my computer" check box on the General tab of the Options dialog box, which is available from the Tools menu in design mode.