Securing Web Forms

By afrank30

If not properly secured, forms can easily be used by hackers and automated "bot" programs to gain access to information within our sites, deface a site, or even gain access to all the sites on a shared server. The following is a non-exhaustive list of tips for making any web-based form more secure.

Form Safety Tips

  • Never ask for sensitive information, or for information you don't need. Examples of sensitive data include birth date, credit card number, and student data (including GTID).
  • Protect your form with CAS login (for campus) or with CAPTCHA (for people without GT accounts).
  • Regularly archive and then delete old submissions and forms:
    • Every month or semester, download the old submissions to a spreadsheet, then delete those submissions from the website.
    • Close or remove web forms when they are no longer in use.
  • Use SSL / HTTPS for your site.