1 Reply Latest reply on Oct 23, 2012 11:02 PM by kasq

    Form Security using SlingPostServlet

    Tim Goodman Level 1



      I've been looking at the CQ5 Forms capability using the Sling Post Servlet.


      So the way it works is that the browser makes a Post to /etc/forms/company/my_form

      The sling Post servlet creates a node in that location.


      Lets say you allow anonymous users to Submit a form, but you want to keep responses secure.

      I noticed that you need to grant anonymous users read access to that node (as well as create and modify) for the Sling Post Servlet to create the new content.


      Is it a problem to allow anonymous users read access to data which might be personal data?  How do you typically get around this?

      I was thinking maybe a workflow process to copy the data and delete from /etc/forms?


      Any advice or thoughts is appreciated!