OhMyForm should be configured with secure form publishing controls, protected submission storage, and a clear data retention policy.
APP_URL=https://ohmyform.example.com
MONGO_URL=mongodb://127.0.0.1:27017/ohmyform
JWT_SECRET=replace-with-long-random-secret
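A pre-deployment check for the three settings above, added here as an example; it is not code from the original page or from the OhMyForm project. The function names, the 32-character minimum, the placeholder word list and the rule that only loopback MongoDB hosts may omit credentials and TLS are assumptions of this example, not OhMyForm requirements.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the placeholder values shown on this page.
SAMPLE_ENV = """\
APP_URL=https://ohmyform.example.com
MONGO_URL=mongodb://127.0.0.1:27017/ohmyform
JWT_SECRET=replace-with-long-random-secret
"""
MIN_SECRET_LEN = 32  # assumption: local policy, not an OhMyForm requirement
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
PLACEHOLDER = re.compile(r"replace|changeme|example|password", re.I)

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks, comments and malformed lines."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env

def audit_env(env):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    app = urlsplit(env.get("APP_URL", ""))
    if app.scheme != "https" or not app.hostname:
        findings.append("APP_URL is not an https:// URL")
    mongo = urlsplit(env.get("MONGO_URL", ""))
    if mongo.scheme not in ("mongodb", "mongodb+srv") or not mongo.hostname:
        findings.append("MONGO_URL is not a MongoDB connection string")
    elif mongo.hostname not in LOOPBACK:  # only the first host is inspected
        query = mongo.query.lower()
        if not mongo.username:
            findings.append("MONGO_URL: remote host without credentials")
        # mongodb+srv enables TLS by default; plain mongodb:// must opt in
        if mongo.scheme == "mongodb" and not re.search(r"\b(tls|ssl)=true\b", query):
            findings.append("MONGO_URL: remote host without tls=true")
    secret = env.get("JWT_SECRET", "")
    if PLACEHOLDER.search(secret):
        findings.append("JWT_SECRET is a placeholder value")
    if len(secret) < MIN_SECRET_LEN:
        findings.append(f"JWT_SECRET is shorter than {MIN_SECRET_LEN} characters")
    return findings

if __name__ == "__main__":
    for finding in audit_env(parse_env(SAMPLE_ENV)) or ["no findings"]:
        print(finding)
```

Run against the sample values, it reports the `JWT_SECRET` placeholder and its length; a value produced by `secrets.token_hex(32)` passes both checks.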
¶ Access and publication policy
- Limit admin accounts and enable MFA at proxy/IdP where possible.
- Separate public marketing forms from internal/sensitive forms.
- Define per-form access and ownership.
¶ Submission and storage controls
- Enforce input validation and upload restrictions.
- Protect export endpoints and audit usage.
- Apply retention and deletion schedules.
¶ Backup and recovery
Back up MongoDB and the application configuration. After a test restore, validate that forms load and that submissions can be retrieved.
- Auth and API errors monitored.
- Submission flow latency monitored.
- Backup restore tested.
- Secret rotation documented.