InfoPath -how to disable Microsoft Office InfoPath Security Notice - "Microsoft has identified a potential security concern"

Question

I have an InfoPath form template as a content type in a form library on SharePoint. The form has several data connections which on submit, save it back to a specific form library on SharePoint depending on how one field is filled out.

After I added an additional data connection to receive information from SQL to a drop down control, when the form is opened (new or existing), the following Microsoft security message appears "Microsoft Office InfoPath Security Notice - Microsoft has identified a potential security concern...". This warning appears EVERY time.

I have added these connections as IE Internet Options trusted sites. In the InfoPath form itself, in Tools>Trust Center, I have unchecked (privacy options) "check Microsoft Office documents that are from or link to suspicious Web site in InfoPaths Trust Center".

None of these actions are solving the problem. Is there a way to turn this security warning off?

Answer 1

You may need to change the Security and Trust settings on the form itself. goto Tools -> Form Options -> Security and Trust. If you go full trust then you will probably have to sign it with a code signing digital certificate.

Infopath can generate a digital certificate that will work on your local machine. but when anybody else tries to open the form they will be prompted if they trust the certificate when they open the form. To get around that problem either purchase a Codesigning certificate from a trusted provider or create one yourself with makecert.exe

Unfortunatly makecert is part of the Windows SDK which is a 570mb download.

The following is a script that I have used to create a Code Signing Certified Authority and a the infopath code signing certificate.

makecert -n "E=Support@{yourcompany},CN=Your Code Signing CA" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
makecert -pe -n "E=Support@{yourcompany},CN=Your Infopath Code Signing Certificate" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

You will need to get the root certificate added to to the Trusted Root Certification Authority of the certificate store.

Answer 2

Try moving your data connection to DCL. This is the good practice anyway because it removes the dependency between the database server location and your InfoPath form. In the udcx file you find some security options to configure. If you can't solve the issue using changes in udcx files, you can switch from making direct SQL calls to use web services instead as proxy. This is always good since you get away from the database structure and InfoPath form dependency. InfoPath by default works very well with web services over SSL but it's also possible via http with some adjustments in udcx files.