Forms, robots, and data security

It started off with a simple enough request:

“Just saw a couple of you have added your email address to your profile page or portfolio site. Bots trawl sites looking for email addresses to spam so it’s not a good idea…”

A reasonable enough request from Crispin, course leader of the boot-camp. One tinged with data security paranoia perhaps, but at least this one is easily understandable and believable. He then went on to suggest pointing users to a contact form either on this very blog, or to a social network as a means of communication.

WiFi broadcasts your thoughts to the Internets

The security cogs begin to turn…

Wanting to keep this blog purely, um, bloggy, I decided that the form was to go on my profile site. Easy enough to do too (yes it needs a button):

 
    <form action="/my-handling-form-page" method="post">
      <div>
        <label for="name">Name:</label>
        <input type="text" id="name" name="user_name" />
      </div>
      <div>
        <label for="mail">E-mail:</label>
        <input type="email" id="mail" name="user_email" />
      </div>
      <div>
        <label for="msg">Message:</label>
        <textarea id="msg" name="user_message"></textarea>
      </div>
    </form>

Now while I don’t fully understand the entire server-side process for handling these GET/POST requests, amongst all the other methods of data submission utilising server-side technologies, I did suspect that simply having a pure HTML form was not going to really assist in the security stakes.
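An added example (not part of the original post, and not the author's code): a minimal server-side check, in Python, of the POST body a handler for the form above would receive. The field names come from the form; the size limits, the e-mail pattern and the assumption that name and address later end up in mail headers are this example's own.

```python
import re
from urllib.parse import parse_qs

# Field names are the form's own; every limit below is an assumption.
LIMITS = {"user_name": 100, "user_email": 254, "user_message": 5000}
MAX_BODY = 8192   # bytes accepted before any parsing happens
MAX_FIELDS = 10   # hard cap on key=value pairs in one body
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Constructed sample: what a browser would send for the form above.
SAMPLE = b"user_name=Alice&user_email=alice%40example.com&user_message=Hello+there"


def validate_submission(body: bytes):
    """Check a urlencoded POST body; return (cleaned, errors).

    cleaned is None whenever errors is non-empty.
    """
    if len(body) > MAX_BODY:
        return None, ["body too large"]
    try:
        parsed = parse_qs(body.decode("utf-8"), keep_blank_values=True,
                          strict_parsing=True, max_num_fields=MAX_FIELDS)
    except (UnicodeDecodeError, ValueError):
        return None, ["malformed body"]
    errors, cleaned = [], {}
    for field, limit in LIMITS.items():
        values = parsed.pop(field, [])
        if len(values) != 1:
            errors.append(f"{field}: expected exactly one value")
            continue
        value = values[0].strip()
        if not value or len(value) > limit:
            errors.append(f"{field}: empty or too long")
        elif field != "user_message" and any(ord(c) < 32 or ord(c) == 127 for c in value):
            # Name and address may end up in mail headers: no CR/LF or other controls.
            errors.append(f"{field}: control characters not allowed")
        else:
            cleaned[field] = value
    if parsed:  # anything the form does not define
        errors.append("unexpected fields: " + ", ".join(sorted(parsed)))
    if "user_email" in cleaned and not EMAIL_RE.fullmatch(cleaned["user_email"]):
        errors.append("user_email: not a plausible address")
    return (None, errors) if errors else (cleaned, [])


if __name__ == "__main__":
    print(validate_submission(SAMPLE))
```

The browser-side `type="email"` attribute is only a convenience for honest users; a bot posts straight to the form's action URL, so checks like these have to run on the server.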

I came across the following two articles, and I’m sure there are more:

TL;DR:

The key take-away knowledge from this brief bit of research:

  • Be paranoid;
  • Robots will hit your site, possibly more than people; see point 1 for their intentions;
  • SSL is essential;
  • I don’t know or understand enough about data/web security yet.

The solution?

In any case, I just found a third party, with good reviews, who provide an embedded form for my website. Until I have the skills and/or knowledge to do better myself, it will have to do.

As just a web user, it’s easy to manage your own web security; however, as an architect of it, there is a lot more responsibility. My eyes are opened, and there is yet more that I didn’t know I didn’t know.
