Category
Drupal Version
If not properly secured, forms can easily be used by hackers and automated "bot" programs to gain access to information within our sites, deface a site, or or even gain access to all the sites on a shared server. The following is a non-exhaustive list of tips for making any web-based form more secure.
Form Safety Tips
- Never ask for sensitive information or information you don't need. Examples include birth date, credit card number, student data (including GTID), and other sensitive data.
- Protect your form with CAS login (for campus) or with CAPTCHA (for people without GT accounts).
- Remove old data and forms.
- Regularly archive and then delete old submissions and forms
- Go in every month or semester and download the old submissions to a spreadsheet, and then delete those submissions from the website.
- Close or remove web forms when they are no longer in use.
- Use SSL / HTTPS for your site.