Google
AspAlliance.com Web
AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Regular Expressions

Print This Article Print  Add To Favorites Add To Favorites    Email This Article To A Friend Email To Friend  Rate This Article Rate This Article   
Password-Protecting Sensitive InfoPath Form Fields
page 2 of 6
by S.Y.M. Wong-A-Ton
Feedback
Average Rating: 
Views (Total / Last 10 Days): 38119/ 38
Security Concepts

The solution outlined in this article is based on three security concepts: authentication, privacy, and integrity.

Authentication

Authentication is the process of determining the identity of a person or entity.  There are three general factors that can be used for authentication:

1.      Something a person knows

2.      Something a person has

3.      Something a person is

Something a person knows can be a password, PIN, or mother’s maiden name.  Something a person has can be a key, swipe card, or badge.  Biometrics such as fingerprint and iris scans can be used to prove something a person is.  Strong authentication contains two out of these three methods.

Privacy

Privacy is the act of keeping data undisclosed to third parties unless authorized.  Privacy protects sensitive information such as personal information.

Integrity

Integrity provides the assurance that data has not been altered in an unauthorized way.  One example is when a user sends a request to her online bank account to pay her $24.56 water utility bill.  This user needs to be sure that the integrity of that transaction was not altered during transmission, so the user does not end up paying the utility company $240.56 instead.

Security in the Solution

The solution outlined in this article makes use of a password to authenticate the person opening and saving an InfoPath form.  Since a password by itself does not provide strong authentication, it is combined with the person's user name to add a second layer of security.  If someone else gains knowledge of the password, that person would also have to impersonate the original user before he can gain access to the protected data stored within the form.

The password is not explicitly saved within the form, or anywhere else for that matter.  The user is forced to remember and enter it to both lock and unlock, i.e. encrypt and decrypt, sensitive form fields.  Encryption is used to ensure both privacy and integrity.
View Entire Article

User Comments

No comments posted yet.






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-04-19 9:51:27 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search