locked
REST web service with browser enabled forms - is there a security issue? RRS feed

  • Question

  • I am working in Infopath 2010 and my forms are browser enabled. I need to retrieve data from a SQL database. I want to filter the data as the SQL tables are big. I have successfully configured a REST web service to get the data. I did a Change REST URL and then I set a filter on the URL before running the query. It works like magic. I am however concerned about whether the connection is secure. I read the following in a forum from 2007. It was Clayton Cobb talking about the pros & cons BCS/ECTs versus web services. Here's what he said. (Ref is http://www.infopathdev.com/forums/p/15897/56282.aspx)

    The recommended method by the InfoPath team is to create custom web services for direct interaction with the form.  This is a security hassle with browser forms, but it can be done.  You'd need to use a Secure Store identity (group type probably) in your Secure Store service application and reference it in the Universal Data Connection that you create by converting your web service DCs in the form after creating and adding them.

    So - do I have a security problem here and if so how can I fix it?

    Thanks

    Fiona

    Friday, October 19, 2012 11:09 AM

Answers

  • The answer is yes - I just need to figure out how to use a Secure Store identity.
    • Marked as answer by FionaMcCarron Friday, October 19, 2012 3:30 PM
    Friday, October 19, 2012 3:30 PM