This article contains an overview of some security considerations for Microsoft Office Forms Server 2007. Although these concepts can help you make informed decisions, this article is not exhaustive. Use your organization's existing security policy as the foundation for any choices that you make about the security of your server, form templates, and forms.
In this article
About Web server security
Use SSL for servers hosting browser-enabled form templates If you plan to design a browser-enabled form template that will be available for users to fill out on the Internet, ask your server administrator whether Secure Sockets Layer (SSL) technology is configured on the server where the form template will be hosted. Some organizations use SSL when collecting personally identifiable information (PII), such as credit card numbers or bank account numbers. The decision to use SSL may be driven by an organization's internal policies, regulatory compliance, or both. A browser-enabled form template is a browser-compatible form template that has been published to a server running InfoPath Forms Services and browser-enabled so that users can fill out the form in a Web browser. SSL is a proposed open standard that was developed by Netscape Communications for establishing a secure communications channel to help prevent the interception of critical information, such as credit card numbers.
Note: You can tell when SSL is enabled for a URL because the address starts with "https" instead of "http." SSL may not be necessary if your form templates are available on a secure intranet where both the form designers and the users are trusted.
Use a trusted host If your organization does not maintain the server that hosts your form templates, make sure to use a trusted Web-site hosting company. For example, if you decide to use SSL technology, verify that the hosting company has a digital certificate that was issued by a third-party certificate authority. If you can't verify the integrity of the hosting service, do not host your form templates there.
Install security patches and antivirus software Check with your server administrator to verify that the latest security patches and updates are installed on the server where your form templates are hosted. Also, verify that the server is running up-to-date antivirus software, and that only trusted users can access the server.
About data sources
Use approved data sources To help ensure that the form template designers in your organization use only approved data sources, use a data connection library, which is a central location to store and share data connections. By creating a collection of approved data connections and limiting permission to the library where they are stored, you can help protect the security of the data sources that are used in your organization.
Be cautious when using direct database connections If the form template designers in your organization are unable to use an approved data source from a data connection library, they may decide to connect a form template directly to a data source. In such cases, make sure that only trusted users can access the forms based on that form template. A form template with a direct connection to a database may provide an untrustworthy user with a way to access proprietary information.
About deploying administrator-approved form templates
Understand the scope of deployment for form templates When an administrator-approved form template is deployed, it is added to a central location on the server where it can be activated to one or more site collections. An administrator-approved form template is a browser-compatible form template that has been uploaded by an administrator to a server running InfoPath Forms Services. An administrator-approved form template can include code. If the site collections and form templates in your organization span very different audiences, make sure to activate only those form templates that are designed for a particular site collection. For example, if your organization uses one site collection for customers and another for employees, do not activate an employee form template to the customer site collection. Activating form templates to the wrong site collection may make proprietary data available to the wrong users. For example, an employee form template that contains a list of employee e-mail addresses can lead to spam if that form template is made available to the public.