I also believe forms processing (generally) has a great potential to eliminate mistakes and protect the integrity and actual values of data from harm.
I started digging deeper into this for a demo I am preparing for a health care form. Of course, all PHI (i.e. personal health information) must be protected from deliberate or inadventent disclosure. I am still working to implement this in the Microsoft software stack. Unfortunately the following has become clear:
- Although digitally signing forms data works, this does not encrypt the data so forms containing sensitive data are open and subject to compromise.
- It is possible to extend the InfoPath client function in order to encrypt/decrypt some or all of the fields in the form data. This must be done using the InfoPath object model. Of course, doing this compromises the no code goal.
- Finally and most disappointingly, use of these code extensions is not compatible with Forms Services. This means that to use this facility, all form-fill-in users must have the InfoPath desktop client!
Bummer!!
Regards..
References:
Encrypting and Decrypting InfoPath Form Data
Extending the Save Functionality in InfoPath 2003
Protecting Sensitive Data
Password-Protecting Sensitive InfoPath Form Fields