grist-core icon indicating copy to clipboard operation
grist-core copied to clipboard

Published 20 hours ago verified publisher icon gristlabs

Improve form sharing security

Open NathanRodet opened this issue 5 months ago • 3 comments

Describe the problem to be solved

Problem

Grist's form creation is a great feature, but only being able to share anonymous form links could be security and observability issues.

  • Access Control : No option to limit form access to specific user groups or authenticated users.
  • User Tracking : Inability to track who submitted form responses.

Risks

  • Confidentiality : Forms are accessible to anyone with the link, restricting the type of information that can be shared due to potential confidentiality leaks.
  • Denial of Service : Publicly available forms could be vulnerable to DoS attacks; an attacker could flood with responses, causing database to grow.

Describe the solution you would like

Proposed Solutions

  • Introduce the option of access control through authentication to the platform when sharing a link. To limit form access to specific users or at least authenticated ones.

NathanRodet avatar Sep 05 '24 08:09 NathanRodet