Most websites/CMS have some type of form where form data is either stored in a database or sent to the recipient via email. Both options have their pros and cons. And above all risks.
Read our article ” Secure forms for contacts “ about the security of e-mail transport of form data.
Today, most CMS systems have good security when it comes to protecting the system itself. But when you add a form, the rules of the game change as forms create a path straight into the system from the web page when the form data is saved in the system’s database.
The data must not only be handled securely all the way into the database, it must also be protected against unauthorized access. This requires a lot of own security measures that many common CMS systems completely lack.
More security is required
Since a website is exposed 24/7/365, sensitive data should not be saved in it at all unless the system is explicitly built for this. A much better option is to send form data directly from the form to a properly protected database. And preferably not exposed directly to the internet at all.
The most common method of doing this is to send the data as a call to an API which then handles and stores the data appropriately.
However, the method requires that the API must be exposed on the internet and therefore requires a sufficient login in addition to other security measures. Something that may require tricky complexity in the client (form) that sends the data, for example the difficulty of saving login information in a secure way.
Sending data to an API also creates problems with maintaining anonymity (which is important in e.g. whistleblower channels) in that all traffic is logged and thus can be tracked.
But there are alternatives
Another way, which ANON::form offers, is to send the form data End-2-End-Encrypted (E2EE) and untraceable via e-mail. And have a client that automatically receives the email, unpacks the data and stores it in the database securely.
Then you avoid the complexity of logging in etc. in the form and can have a database in your intranet without exposure to the internet. The email system already has a lot of security and the rest is easy to add.
Here’s how ANON::form’s solution works:
- The customer creates an e-mail account in their e-mail system that will only handle incoming e-mail from the forms.
- An E2EE Form Basic subscription is ordered from us (NOTE! it does not work with our E2EE Form Lite subscription).
In the order, it is stated that the form data is to be used for automatic storage and the e-mail account address as the recipient. One, several or all forms can send data in this way to a common or own e-mail addresses.
Encryption keys are created and the customer receives all the information about the form’s field names and other things that are needed in point 6 below.
- The form is downloaded from ANON::form’s secure servers. Either as an external form via link in the website or as embedded in one of the website’s pages.
- The form is filled in and encrypted in the browser. But instead of a regular email, the form data is converted to JSON-encoded data.
- The message is sent via ANON::form’s secure e-mail servers and finally lands in the recipient’s e-mail box. Still encrypted.
- A client application in the system that is to save the form data in a database retrieves the e-mail message, decrypts it and converts the JSON into an appropriate format, such as a list or an object.
The application also imports attached files if there are any. They are sent encrypted in the email as attachments, not as part of the JSON.
- After being “washed”, the data is saved in the database where it can then be accessed by various applications that manage the form data.
Because there are many different systems and programming languages, we do not offer a ready-made solution for the client application. But the solution is straightforward and can easily be created by a seasoned developer. We will of course help with what we can.
This special solution also does not cost anything extra to set up with us, but is included in the set-up cost. For help with the client application, we recommend our partner Schuetten Consulting Ab Ltd (which also built the ANON::form service).
Although by default ANON::form does not support direct storage of form data in a database, it is easy to implement such a solution. Which is significantly more secure than saving in the CMS system’s database or via an API that also requires complex login.