Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Might run into GDPR issues. Also, take care to sanitise the input as potential attack vector - the current Log4j affair is a cautionary tale how user controlled data can wreak havoc in the backend.
-
C0D4669023yAnalytics shouldn't contain PII* data, if it does it counts as logging.
Check with your local laws and the GDPR / CCPA.
But in essence, never store more then you need, and never store it any longer then you need it.
* https://en.wikipedia.org/wiki/... -
Voxera113883yI agree about not storing in GA.
But regarding GDPR, since its a contact form, anyone that fills it out gives you permission to store and process that data for the purpose of the form.
You can also store it temporarily in a log but not long term since the logging is not the purpose of the form, but logging is usually a requirement for the running of a site and that gives you the right to log necessary data for at least some minimum time.
For more information search for “Legal grounds gdpr” for a list of valid reasons to store and process data.
And remember that explicit consent is a last resort :). If any of the others work they are easier and better. -
sariel84473yTake my advice.
Just setup a mailto link with a filtered inbox(think Gmail and forward to your real account).
You will save yourself about 2 days of effort and it will be a bit more secure.
Related Rants
I am building my portfolio website and added a contact section. In the API call to the backend, I am logging potential API failures to Firebase Analytics. Is it ethical to include the request data (content of the contact form) in log data?
question
ethic