The Need for a Security Policy


If you are responsible for the security of InfoPath form templates for other users, you should give some thought to whether you need a security policy and which security issues it should cover.

The circumstances of the use of InfoPath can vary widely, so the following sections simply flag issues that you might want to consider for inclusion in your InfoPath security policy. Depending on the organizational structure of your company, you might need to consult with administrator colleagues.

InfoPath Form Templates as Email Attachments

You or an administrator colleague will likely be able to control which file extensions are allowed as email attachments in your company. Depending on your email server software, you might have to explicitly enable the .xsn extension if you want users to be allowed to email InfoPath form templates. Enabling InfoPath form templates as email attachments potentially opens your company to malicious scripting code. You will probably want to put other measures in place to ensure, as far as possible, that all users have cross-domain data access in Internet Explorer either blocked or set to display a prompt.

Alternatively, you might want to explicitly block users from sending or receiving InfoPath form templates by email. Blocking .xsn email attachments removes one of the routes by which users can access potentially malicious cross-domain scripting code.

Fully Trusted Forms

Given the potential dangers of malicious code, you will probably want to define a policy that specifies how users should approach installing fully trusted form templates.

Depending on the size of your department or company, you might designate someone to advise users on whether to install particular fully trusted forms. I am not yet aware of anyone creating installers for fully trusted form templates that contain malicious code, but it is probably only a matter of time before such malicious installers appear.



Microsoft Office InfoPath 2003 Kick Start
ISBN: 067232623X
EAN: 2147483647
Year: 2004
Pages: 206
