InfoPath Security and Internet Explorer

Parts of InfoPath 2003 security depend on Internet Explorer security. InfoPath inherits security settings from Internet Explorer on the user 's machine.

Internet Explorer has four security zones:

• Internet (the default)

• Local Intranet

• Trusted Sites

• Restricted Sites

Each of these security zones has a default set of options. You may assign domains to a zone other than the Internet zone, depending on your own preferences or company/departmental policy.

By default, a form template that is identified by a URL (other than a file URL) will be assigned to the Internet security zone. The security that applies to that zone has default values set when Windows and Internet Explorer are installed, but the user can customize those security settings after installation.

Internet Explorer Security Settings

To view security settings from Internet Explorer, select the Tools menu, and then select Internet Options. In the Internet Options dialog box that opens, select the Security tab.

Each of the Internet Explorer security zones is displayed near the top of the Security tab (see Figure 12.1). To view the options for a specified zone, make sure that the zone's icon is highlighted, and then click the Custom Level button. The Security Settings window opens (see Figure 12.2), and you can then make the appropriate choices for the available security settings.

Cross-Domain Data Access

The Access Data Sources Across Domains setting in Internet Explorer allows three settings: Disable, Enable, or Prompt. The default value varies depending on the Internet zone. In the Internet and Restricted Sites zone, the default setting is Disable; in the Local Intranet zone, the default is Prompt; and in the Trusted Sites zone, the default is Enable.