Web Forms on Drupal Sites

Web Forms on Drupal Sites afrank30
Drupal Version

This section is for guides, tips, and tricks for creating and managing web based submission forms on Drupal sites.  The most popular tool for forms is the Webform module, but tips and tricks for other form tools can be provided here as well.

Please note that due to European Union General Data Protection Regulation rules, when collecting personal information it is best to host your form on the campus licensed Qualtrics service, which has been approved for collecting personal data.  If you collect personal data on your unit's website, you and your unit are responsible for making sure that you follow all of Georgia Tech's data policy rules and regulations.

If you are not collecting any personally identifiable information that isn't covered by any other privacy or secrecy policy, then you are free to host such a form wherever you like.  That said, we'd still strongly recommend not using third-party services that aren't under a Georgia Tech contract.  See the Resources for Webmasters page on "outside web hosting solutions" for an explanation of the issues with outside services.

Web Forms Tips and Tricks

Securing Web Forms

Securing Web Forms afrank30
Drupal Version

If not properly secured, forms can easily be used by hackers and automated "bot" programs to gain access to information within our sites, deface a site, or or even gain access to all the sites on a shared server.  The following is a non-exhaustive list of tips for making any web-based form more secure.

Form Safety Tips

  • Never ask for sensitive information or information you don't need. Examples include birth date, credit card number, student data (including GTID), and other sensitive data.
  • Protect your form with CAS login (for campus) or with CAPTCHA (for people without GT accounts).
  • Remove old data and forms.
  • Regularly archive and then delete old submissions and forms
    • Go in every month or semester and download the old submissions to a spreadsheet, and then delete those submissions from the website.
    • Close or remove web forms when they are no longer in use.
  • Use SSL / HTTPS for your site.