veenakt28
New Participant
May 4, 2022
Solved

Honeypot implementation for AEM forms


Hi,

For a few days now, I have been trying to understand how a honeypot can be implemented on AEM forms. We have a requirement to implement a honeypot feature on AEM forms, but I could not find any documentation around this in Experience League. Given the volume of the sites, and forms being one of the most widely used components on the sites, we do not want to take the reCAPTCHA route, but would rather have something like a honeypot implemented to make the user experience better. What is the best way to bring up security/spam prevention checks on AEM forms?

Best answer by Pulkit_Jain_

Hi Pulkit,

The form we have is a form container component, which consists of multiple fields (components) that can be configured within this form container. All of this is built using core components; the service pack we are using is 6.4.8.
To give an example: having configured the form container component, you then have options to add or remove the fields you need on the form, like email ID, name, age, country of residence, demographic questions, etc. Basically, you can create the form with the fields you require for a site. This form submission data is then passed to a 3rd party system to store the data. We are also getting some of the form field data from the 3rd party integrated system. How do I implement security checks/spam prevention checks on such a form?


@veenakt28 

In addition to the security hardening guide shared earlier and steps shared by Mayank, you can enable protection against Cross-Site Scripting (XSS) on the page/form by following this security guide[0].

All these steps will ensure protection against any vulnerabilities when the form is integrated with a 3rd party system for inbound or outbound communication.

[0] - https://experienceleague.adobe.com/docs/experience-manager-64/developing/introduction/security.html?lang=en 


Pulkit_Jain_
Employee
May 4, 2022

@veenakt28 

Probably AEM Forms is not tested with the honeypot technique, thus there is no official documentation for the same, but there are multiple other ways to secure AEM Forms on the OSGi server; more details at [0].

You can reach out to us via a support ticket in case you find any security prevention checks missing in the official document.

[0] - https://experienceleague.adobe.com/docs/experience-manager-64/forms/manage-administer-aem-forms/hardening-aem-forms-environment/hardening-securing-aem-forms-environment.html?lang=en 

veenakt28
Author
New Participant
May 4, 2022

Hi Pulkit,

Thank you for getting back soon. In my case, the forms we have are customized (it is a custom component); these are not taken from AEM Forms. In this case, how do we secure form submission?

Pulkit_Jain_
Employee
May 4, 2022

@veenakt28 

Do you mean to say that you have used OOTB site components to create custom form components and then created a form or embedded the same in a page?

If there are no AF components being used, then you can reach out to AEM site experts here for more insights: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/ct-p/adobe-experience-manager-community

If you've created custom components using OOTB AEM Forms components, then please elaborate further: what is the use case? What type of form submission are you referring to?
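
Added example (not part of any post in this thread, and not Adobe's code): a server-side honeypot check of the kind the original question asks about, written as plain Java so a custom form handler can call it before the data is forwarded to the third-party system. The field names, the 3-second threshold and the sample submissions are assumptions constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class HoneypotCheck {
    // Hypothetical field names: the trap should look like an ordinary field to a bot.
    static final String TRAP_FIELD = "company_website";   // rendered, but hidden from people with CSS
    static final String RENDERED_AT = "form_rendered_at"; // epoch millis written when the form is rendered
    static final long MIN_FILL_MILLIS = 3000;             // assumed threshold, tune per form

    enum Verdict { ACCEPT, REJECT_TRAP_FILLED, REJECT_TOO_FAST, REJECT_MALFORMED }

    // params has the shape of ServletRequest.getParameterMap(); nowMillis is the server clock.
    static Verdict evaluate(Map<String, String[]> params, long nowMillis) {
        String trap = first(params, TRAP_FIELD);
        // A browser submits the hidden field empty. If it is absent, the request
        // was not built from the rendered form.
        if (trap == null) return Verdict.REJECT_MALFORMED;
        if (!trap.trim().isEmpty()) return Verdict.REJECT_TRAP_FILLED;

        String rendered = first(params, RENDERED_AT);
        if (rendered == null) return Verdict.REJECT_MALFORMED;
        long renderedAt;
        try {
            renderedAt = Long.parseLong(rendered.trim());
        } catch (NumberFormatException e) {
            return Verdict.REJECT_MALFORMED;
        }
        // The timestamp is client-supplied; sign it server-side (for example with
        // an HMAC) before trusting it in production. A future value fails here too.
        if (nowMillis - renderedAt < MIN_FILL_MILLIS) return Verdict.REJECT_TOO_FAST;
        return Verdict.ACCEPT;
    }

    static String first(Map<String, String[]> params, String name) {
        String[] values = params.get(name);
        return (values == null || values.length == 0) ? null : values[0];
    }

    // Builds a constructed sample submission.
    static Map<String, String[]> form(String trap, long renderedAt) {
        Map<String, String[]> p = new HashMap<>();
        p.put("email", new String[] {"user@example.com"});
        p.put(TRAP_FIELD, new String[] {trap});
        p.put(RENDERED_AT, new String[] {Long.toString(renderedAt)});
        return p;
    }

    public static void main(String[] args) {
        long now = 1_651_650_000_000L; // constructed clock value
        System.out.println(evaluate(form("", now - 20_000), now));               // person, 20 s to fill
        System.out.println(evaluate(form("http://spam.example", now - 20_000), now)); // bot fills every field
        System.out.println(evaluate(form("", now - 200), now));                  // scripted instant post
    }
}
```

A rejected submission is best dropped without forwarding it to the downstream system, and logged so the thresholds can be tuned against real traffic.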