InfoPath Security Problem? ... Limitation? ... LoopHole?

D

David Remillard

In brief, there's an infopath form with 3 sections. After the originator
fills in the first section, that section becomes read only (via infopath
magic). then it goes to a manager for comment and filling out second section
which then becomes read only. finally, the form is returned to the
originator who fills in the last section.

The question is how to secure the data while it's in the forms library. My
client noticed that it's possible for a user to open the XML version of the
form in the form library and even modify the sections that are read only in
infopath. We can narrow the exposure with changing permissions on the item
level but when it gets back to the originator, they need to update and
therefore could open the XML again and change the first section (which is
supposed to be off limits after initial submission).

Any thoughts? Is this scenario something that you've had to deal with before?
 
B

Barry Prentiss

You could use User Roles to determine write capability for individual
fields/sections.
Then use User Role and Field Conditions to write protect section one after
section two is compete...
Just a thought.
Barry
 
D

drallimer

Thanks for the reply Barry. I think you're talking about doing this
in Infopath, right? Actually, we already do it in infopath ... the
problem comes if a user tries to open the form in the form library
with a plain old XML editor. They could then search through the XML
and change the values in the first section even after it's closed from
an Infopath standpoint. This is a harder problem that I originally
thought. It doesn't seem that anyone has an answer.
Thanks, Dave.
 
B

Barry Prentiss

Yes, this is an InfoPath solution.
I'm not sure there is a way to prevent a user from opening any xml file
with any xml file editor.
Thx,
Barry

Thanks for the reply Barry. I think you're talking about doing this
in Infopath, right? Actually, we already do it in infopath ... the
problem comes if a user tries to open the form in the form library
with a plain old XML editor. They could then search through the XML
and change the values in the first section even after it's closed from
an Infopath standpoint. This is a harder problem that I originally
thought. It doesn't seem that anyone has an answer.
Thanks, Dave.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Infopath file size exceeds the limit allowed and cannot be saved 0
InfoPath 2013 crashes when trying to connect to Access 2016 DB 0
Copy data from SharePoint list to InfoPath Form 0
InfoPath 2007 Design Issues with sections disappearing. 1
InfoPath/Sharepoint Username 0
Digital Signatures--Triggering Rules 2
ISO: techniques to identify why an infopath form opens slowly in asharepoint form library 0
Submitting InfoPath form (data) to sharepoint list 0

Top