Creating forms in the CMS
Before we begin
Make sure that your SilverStripe CMS installation has the UserForms module installed.
Data Protection and Privacy
IMPORTANT: READ THIS BEFORE USING THE MODULE
This feature allows authors with CMS permissions to create forms which process submission data, and store data the CMS database by default. Anyone with the ability to create forms also has access to view and export submissions. As the owner and operator of your website, you should ensure processes and safeguards are in place to perform these actions securely.
This is your responsibility, but here are a few tips to get you started:
- Ensure you have the necessary consents for processing and storing data according to your legislation (e.g. GDPR)
- Only accept form submissions via encrypted transfers (HTTPS) - check our Secure Coding guidelines
- Control access to form submissions (via CMS page access controls)
- Control access to files uploaded with submissions (via folder access controls)
- Create a process to limit the types of data you are allowed to collect via this feature (e.g. no payment information or health data)
- Create a process for limiting submission storage duration (manual deletion)
- Consider further safeguards such as at-rest encryption (check encryption related addons)