Confirmation of upload question in forms and security

fuzzi81 · 2018-02-02 07:10:42 UTC

**5.4.3.1
Hi Guys,

Could you please confirm that there is little or no risk with form submissions and supporting documents been submitted to the CMS and any interception by the public.

By default they all get created as under construction, which means public cannot access.
Permissions are denied by default, so there is no risk of cascading to children.

Is the safest way to keep them in the logs as submission (and not create a separate node for attachments)

can anyone share their best practice?

cheers
Fuzz

Bart · 2018-02-03 04:01:22 UTC

Yea as long as you leave them as public user denied access and UC that will be enough. You can even go more secure with the restrict access setting on the form contents screen of the custom form:

fuzzi81 · 2018-02-03 07:23:31 UTC

Thanks Bart that’s all I need! And on your Saturday too! Thanks