Securing InfoPath Forms

  • 21 July 2011
  • 2 replies

Badge +4

Does anyone know of a way to secure the InfoPath schema so that we can guarantee that only the node required for the Action is modified? 


Need to make sure that the data is untouched by the destination user when using the native InfoPath client.


Could the following method work?


On the InfoPath client Activity:



  1. Create a Data Event to copy the current InfoPath Schema to a temporary one.
  2. After the InfoPath Client Event, copy the Action field used for business rules Outcomes from InfoPath schema to the temp one.
  3. Copy the entire temp schema back to the main InfoPath schema.

 


2 replies

Badge +10

Hi,


From what I remember you can make groups signable in an InfoPath form without K2 affecting the signature. As long as you do not sign the whole form the signature will stay intact.


I would recommend that you group all the data that you want to protect, sign it and then move it through the workflow keeping your task actions outside of this signed section. If someone tampers with the signed section the signature will be invalid.


The reason you cannot sign the whole form is that K2 will change the values of the fields in the _K2 node during the workflow execution, which will invalidate the form. Signing sections other than the _K2 node will keep the signatures intact while K2 handles the InfoPath form.


With regards to your other question, I think it could work, but just check the code-behind of the succeeding rule of the Activity. If I remember correctly (haven't checked this in a while and it might have changed) the entire InfoPath schema is copied into the process XML field from the Activity XML field the user used when the activity completes. If you used your workaround, you will lose your changes when this happens. But in essence I think your strategy could work. You could even copy the section to a process-level XML field and only copy it back in a Data Event after the activity containing the InfoPath Client Event.


Before you venture down these avenues, consider the signable sections; I think they will work for what you are trying to accomplish.


Regards,

Badge +4

JohanL,


Thanks for the option of Digital Signatures.  I thought about this, but think it may be a bit more difficult to introduce since it requires a route from the workstation to a CA on our domain.  I know there are some considerations to getting this to work in our enterprise due to firewall rules on some of our sites which is why only the servers have full access to this at the moment.  This is currently being looked into for our Rights Mgmt Project. 


In regards to your other suggestion about copying the schema, I saw the code back in 2003 where it copied the xml schema to the activity xml.  This is why I'm going to try and modify it after it comes back from the IP client event.  This actually makes it easier for me to control since the form will be going through quite a bit of collaboration first before I need to lock it down. 

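The snapshot-and-copy-back approach discussed in this thread, sketched as an added example that is not code from any of the posters or from K2: the form XML saved before the client event is treated as trusted, only the action value is taken from the returned form, and every other difference is reported. The element names, namespace, `ACTION_PATH` and function names are assumptions made for illustration; the comparison covers element text only, not attributes.

```python
import xml.etree.ElementTree as ET

NS = {"my": "urn:example:form"}          # constructed namespace, not a real form's
ET.register_namespace("my", NS["my"])
ACTION_PATH = "my:task/my:action"        # assumed location of the Action field

# Constructed sample documents: the snapshot taken before the client event and
# the form as it came back, with the action set and one data field altered.
SNAPSHOT = """<my:form xmlns:my="urn:example:form">
  <my:request><my:amount>1200</my:amount><my:payee>ACME</my:payee></my:request>
  <my:task><my:action/></my:task>
</my:form>"""
RETURNED = """<my:form xmlns:my="urn:example:form">
  <my:request><my:amount>9900</my:amount><my:payee>ACME</my:payee></my:request>
  <my:task><my:action>Approve</my:action></my:task>
</my:form>"""


def leaf_values(node, prefix=""):
    """Map every leaf element's positional path to its trimmed text."""
    values, seen = {}, {}
    for child in node:
        seen[child.tag] = seen.get(child.tag, 0) + 1
        path = f"{prefix}/{child.tag}[{seen[child.tag]}]"
        if len(child):
            values.update(leaf_values(child, path))
        else:
            values[path] = (child.text or "").strip()
    return values


def merge_action_only(snapshot_xml, returned_xml, action_path=ACTION_PATH):
    """Copy only the action value into the snapshot; report any other change."""
    trusted = ET.fromstring(snapshot_xml)
    returned = ET.fromstring(returned_xml)
    old, new = trusted.find(action_path, NS), returned.find(action_path, NS)
    if old is None or new is None:
        raise ValueError("action node missing from snapshot or returned form")
    old.text = new.text                  # the single field the user may set
    # After the copy, the two documents should be identical leaf for leaf.
    before, after = leaf_values(trusted), leaf_values(returned)
    tampered = sorted(p for p in before.keys() | after.keys()
                      if before.get(p) != after.get(p))
    return ET.tostring(trusted, encoding="unicode"), tampered
```

The first return value is the document to write back as the main form XML; a non-empty second value lists the paths that were changed, added or removed outside the action field.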