locked
Security issue with Form Library? RRS feed

  • Question

  •  Hi All,

     In infopath form library I have some fields hidden for certain users but the users can still download the form as xml file and see the data.

     But the data is too critical to comprise. Can you please tell me how to deal with such situations in infopath 2010 form library?

    Thanks,

    Rahul Babar

    ASP.NET, C#, Sharepoint 2007/2010, Infopath 2007/2010 Developer

    Thursday, February 16, 2012 9:51 AM

Answers

  • Hi,

    Nothing will change the fact that the xml is the xml.

    Do they still need access to the form at this stage, can you just use permissions so they cant even download the form?

    If they do need details, you could write a custom webpart impersonating a higher privledged account to display the details they are allowed to see from the request.


    Regards, Chris

    • Proposed as answer by Pigglywink Sunday, February 19, 2012 6:43 AM
    • Marked as answer by Rahul Babar Tuesday, February 21, 2012 12:06 PM
    Sunday, February 19, 2012 5:06 AM
  • Hi Chris,

    Thanks for the response.

    There are different contributors for the form and each one needs to be given unique access rights on the form. They should not be able to read/write each other's info. (section) by any means. Finally I moved to design sharepoint list forms using infopath 2010 though there are few drawbacks of this approach. Atleast I am able to avoid this security issue.

    Thanks,

    Rahul Babar


    ASP.NET, C#, Sharepoint 2007/2010, Infopath 2007/2010 Developer

    • Marked as answer by Rahul Babar Tuesday, February 21, 2012 12:06 PM
    Tuesday, February 21, 2012 12:05 PM

All replies

  • Hi,

    Nothing will change the fact that the xml is the xml.

    Do they still need access to the form at this stage, can you just use permissions so they cant even download the form?

    If they do need details, you could write a custom webpart impersonating a higher privledged account to display the details they are allowed to see from the request.


    Regards, Chris

    • Proposed as answer by Pigglywink Sunday, February 19, 2012 6:43 AM
    • Marked as answer by Rahul Babar Tuesday, February 21, 2012 12:06 PM
    Sunday, February 19, 2012 5:06 AM
  • Hi Chris,

    Thanks for the response.

    There are different contributors for the form and each one needs to be given unique access rights on the form. They should not be able to read/write each other's info. (section) by any means. Finally I moved to design sharepoint list forms using infopath 2010 though there are few drawbacks of this approach. Atleast I am able to avoid this security issue.

    Thanks,

    Rahul Babar


    ASP.NET, C#, Sharepoint 2007/2010, Infopath 2007/2010 Developer

    • Marked as answer by Rahul Babar Tuesday, February 21, 2012 12:06 PM
    Tuesday, February 21, 2012 12:05 PM