InfoPath Security

Some scenarios using InfoPath forms involve saving data to the local machine and later submitting data to a target on the Internet or an internal network. Typically, that's done using the InfoPath menus . However, InfoPath also allows the programmatic control of saving to disk, which raises potential security issues. (To learn more about security issues in InfoPath 2003, see Chapter 12, "Security and InfoPath Forms.")

A number of components of the InfoPath object model are designated as security level 3, meaning that the properties or methods can be used only in InfoPath form templates that are fully trusted . A fully trusted form template has to be installed explicitly by a user (or by an administrator on the user 's behalf ) before it can be used. Because the user is essentially installing a mini-application that can read or write to disk, the need for security precautions should be obvious.

In addition, InfoPath forms can contain custom business logic that makes use of ActiveX controls. Because ActiveX controls can, in principle, contain arbitrary logic, it is important that users not be inadvertently exposed to possibly malicious code.

Cross-domain security issues can also arise, for example, when a form is forwarded by email to a recipient who is not in the same domain as the form template creator.