Framaforms is a form platform used for public campaigns and community collection. Hardening should focus on anti-abuse controls, moderation workflows, and privacy protection for collected responses.
- Apply rate limiting to submission endpoints.
- Use CAPTCHA or anti-bot controls on exposed forms.
- Limit anonymous administration and form-creation rights.
- Monitor unusual spike patterns in submissions.
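An added example (not code from the Framaforms project) of the spike monitoring named in the list above: it counts submission POSTs per form and per minute from a web access log and flags minutes far above that form's earlier baseline. The `/form/<name>` path layout, the combined log format, and the `factor`/`floor` thresholds are assumptions to adapt to your deployment; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumption: each submission is a POST to a per-form path. "/form/<name>" is a
# placeholder layout, not taken from Framaforms; adjust it to your deployment.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST (?P<path>/form/[^ ?"]+)'
)

def submissions_per_minute(lines):
    """Group submitting client IPs by form path and by minute."""
    buckets = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # GETs, static assets, malformed lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        buckets[m["path"]][ts.replace(second=0)].append(m["ip"])
    return buckets

def find_spikes(lines, factor=5, floor=10):
    """Flag minutes whose count exceeds max(floor, factor * median of earlier
    non-spike minutes). Returns (path, "HH:MM", count, distinct_ips) tuples."""
    alerts = []
    for path, minutes in submissions_per_minute(lines).items():
        history = []
        for minute in sorted(minutes):
            ips = minutes[minute]
            baseline = median(history) if history else 0
            if len(ips) > max(floor, factor * baseline):
                alerts.append((path, minute.strftime("%H:%M"), len(ips), len(set(ips))))
            else:
                history.append(len(ips))  # flagged minutes never raise the baseline
    return alerts

def sample_log():
    """Constructed access-log lines (combined format), not real traffic."""
    tpl = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "{verb} {path} HTTP/1.1" 200 512'
    lines = [tpl.format(ip=f"198.51.100.{m}", m=m, s=s, verb="POST", path="/form/petition")
             for m in range(5) for s in (5, 40)]           # quiet baseline: 2 per minute
    lines += [tpl.format(ip="203.0.113.7", m=5, s=s, verb="POST", path="/form/petition")
              for s in range(40)]                          # burst: 40 in one minute, one source
    lines += [tpl.format(ip="198.51.100.9", m=5, s=1, verb="GET", path="/form/petition")]
    return lines

if __name__ == "__main__":
    for alert in find_spikes(sample_log()):
        print(alert)
```

The distinct-IP count in each alert helps separate a genuine campaign surge (many sources) from a single automated client, which is the case rate limiting and CAPTCHA are meant to stop.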
2) Protect responder privacy and stored results
- Restrict export permissions for response datasets.
- Enforce data minimization in form design to reduce sensitive collection.
- Encrypt backups containing responses and attachments.
- Apply retention and deletion policy for old survey responses.
- Keep Framaforms and underlying stack patched.
- Restrict database and internal services to private network access.
- Enforce HTTPS and secure session cookie settings.
- Audit admin actions and permission changes regularly.
- Framaforms project site: https://framaforms.org/
- Framaforms source repository: https://framagit.org/framasoft/framaforms