I've been looking at the CQ5 Forms capability using the Sling Post Servlet.
So the way it works is that the browser makes a POST to /etc/forms/company/my_form.
The Sling Post Servlet creates a node in that location.
Let's say you allow anonymous users to submit a form, but you want to keep responses secure.
I noticed that you need to grant anonymous users read access to that node (as well as create and modify) for the Sling Post Servlet to create the new content.
Is it a problem to allow anonymous users read access to data which might be personal data? How do you typically get around this?
I was thinking maybe a workflow process to copy the data and delete from /etc/forms?
Any advice or thoughts are appreciated!
First of all, the best practice is not to give anonymous users modify and delete permission on any node in the repository. Instead you can use
the loginAdministrative function to perform operations on the nodes in the Sling Post Servlet, but you need to remember to log out from this session in the servlet after all operations on the nodes are done. Please take a look at the presentation by Angela Schreiber from the last adaptTo technical meetup about security issues and the loginAdministrative functionality:
http://www.pro-vision.de/content/medialib/pro-vision/production/adaptto/2012/adaptto2012-security-issues-with-loginadministrative-angela-schr/_jcr_content/renditions/rendition.file/adaptto2012-security-issues-with-loginadministrative-angela-schreiber.pdf
To be more secure you can, for example, create a user which has only read, write and delete permissions on the /etc/forms node; then in the servlet you can use the loginAdministrative function to log in as admin, impersonate that specific user, make the node operations, go back to admin and finally log out. It is a more secure solution because you are performing the node operations as a user which only has permissions on some specific nodes, rather than on the whole repository as you do when using the admin account.
I hope it is clear.
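The pattern described in the answer above (administrative login, impersonation of a narrowly permissioned user, node write, logout of both sessions in a finally block), as an added example that is not code from the thread or from CQ5. The servlet path `/bin/forms/submit`, the user name `forms-writer` and the target path under /etc/forms are assumptions; the anonymous principal needs no repository rights on the target node, because the write is performed by the impersonated session.

```java
import java.io.IOException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.servlet.ServletException;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.jcr.api.SlingRepository;

/** Hypothetical servlet: anonymous users POST a form, but the write is done by a restricted user. */
@SlingServlet(paths = "/bin/forms/submit", methods = "POST")
public class FormSubmitServlet extends SlingAllMethodsServlet {
    /** Assumed user whose ACL grants only jcr:read and jcr:write under FORMS_ROOT, nothing else. */
    private static final String FORMS_WRITER = "forms-writer";
    private static final String FORMS_ROOT = "/etc/forms/company/my_form";

    @Reference
    private SlingRepository repository;

    @Override
    protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        Session admin = null;
        Session writer = null;
        try {
            // The administrative session is only a stepping stone to the impersonated one.
            admin = repository.loginAdministrative(null);
            // Impersonation needs no password; the new session carries only forms-writer's rights.
            writer = admin.impersonate(new SimpleCredentials(FORMS_WRITER, new char[0]));
            Node parent = writer.getNode(FORMS_ROOT);
            Node entry = parent.addNode("response-" + System.currentTimeMillis(), "nt:unstructured");
            // Copy only the fields the form is expected to carry, never the raw parameter map.
            entry.setProperty("email", request.getParameter("email"));
            entry.setProperty("message", request.getParameter("message"));
            writer.save();
            response.setStatus(SlingHttpServletResponse.SC_CREATED);
        } catch (RepositoryException e) {
            throw new ServletException("form submission failed", e);
        } finally {
            // Both sessions are released on every code path so no admin session is leaked.
            if (writer != null && writer.isLive()) writer.logout();
            if (admin != null && admin.isLive()) admin.logout();
        }
    }
}
```

Because the stored node is created by `forms-writer` under a path anonymous cannot read, the personal data in the response never has to be readable by the anonymous user.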