Determine the impact of anonymously accessible form templates (Office Forms Server)
Updated: May 21, 2009
Applies To: Office Forms Server 2007
Topic Last Modified: 2009-05-11
In this article:
If your organization plans to deploy form templates that can be accessed by unauthenticated users, you need to consider a variety of factors in your planning. Without adequate planning, form templates that can be submitted without user authentication can present problems with security, improper usage, bandwidth, and database capacity. Before making form templates anonymously accessible either on a private network or on the Internet, carefully read this article and make sure that your strategy takes these considerations into account.
Anonymously accessible form templates provide your end users simple and unobstructed access. Two likely scenarios for anonymously accessible form templates are over the Internet and within the corporate network.
Anonymously accessible form templates are a reasonable choice on the Internet when there are no security concerns about the functionality or data associated with the form template. Providing anonymously accessible form templates on the Internet can reduce administrative effort because user authentication does not need to be managed or maintained.
The reasons for using anonymously accessible form templates within a corporation are similar to those for the Internet. The difference is that users are within a closed network, an Intranet, or are authenticating through a Virtual Private Network, a Remote Access Server, an extranet, Terminal Services or a password-protected Web site. Unlike the Internet scenario, users would typically be known on the network. Providing anonymously accessible form templates can enhance user experience in situations where unfettered and anonymous access is desirable. For example, a corporate survey of employees might produce more candid and useful responses if they are anonymous.
Another advantage to using anonymously accessible form templates is that performance can be improved when you implement anonymous scenarios. Performance advantages are realized because postbacks to request access control list (ACL) verifications are eliminated.
Before making a form template anonymously accessible, you must consider the possible consequences to security and the implications of attempts to improperly use the form template.
You should ensure that form templates cannot be accessed by scripts or other automated or non-human processes. One way to achieve this is to force users submitting a form template to enter an identification code such as a short alphanumeric string displayed in an image, which cannot be "read" by a script or automated process.
Form templates that contain sensitive information such as authentication information, server or database names, or proprietary code should not be exposed to anonymous users.
Form templates that contain code or functionality that can invoke processes on a server should be carefully evaluated and tested to ensure that security cannot be compromised by making the form template accessible to anonymous users.
In order to prevent users from submitting multiple copies of a form, you might consider including code that tracks the IP address of each user who submits a form and prevents duplicate submissions from the same IP address.
Once you make a form template anonymously accessible to the Internet, you no longer have control over how many times that form is submitted. Therefore, before publishing an anonymously accessible form template to the Internet, carefully consider your expectations regarding the following factors:
How many users will submit the form within a given time period
How much data must be transferred and stored
How much server processor time, memory and throughput will be utilized each time the form is submitted
You can then estimate how much bandwidth, server processor time and database capacity is required in order to support the form template. Using the IIS administration tool, you can throttle bandwidth and the number of concurrent connections for a Web site if you want to control usage.
This topic is included in the following downloadable book for easier reading and printing: