title | summary |
---|---|
Creating forms in the CMS |
How to use the UserForms module to create forms via the CMS. |
Make sure that your Silverstripe CMS installation has the UserForms module installed.
Important
This feature allows authors with CMS permissions to create forms which process submission data, and store data the CMS database by default. Anyone with the ability to create forms also has access to view and export submissions. As the owner and operator of your website, you should ensure processes and safeguards are in place to perform these actions securely.
This is your responsibility
Here are a few tips to get you started:
- Ensure you have the necessary consents for processing and storing data according to your legislation (e.g. GDPR)
- Only accept form submissions via encrypted transfers (HTTPS) - check our Secure Coding guidelines
- Control access to form submissions (via CMS page access controls)
- Control access to files uploaded with submissions (via folder access controls)
- Create a process to limit the types of data you are allowed to collect via this feature (e.g. no payment information or health data)
- Create a process for limiting submission storage duration (manual deletion)
- Consider further safeguards such as at-rest encryption (check encryption related addons)