Overview
Public Webforms are a feature of the TrackVia platform that allows unauthenticated internet users to easily and securely input data into a TrackVia account via a web or mobile device browser. The feature allows for extending a customer's TrackVia apps deep into an organization or externally to their own vendors, customers, or subcontractors, but it also introduces some risk to an organization's data integrity.
Because users of Public Webforms are anonymous, there is not full accountability for the write requests made to those database tables on which the feature is enabled. The use of Public Webforms should be carefully considered by app builders, system administrators, and security teams.
The purpose of this document is to outline the security model and relevant safeguards that are in place to ensure that customers of the TrackVia platform can evaluate risk associated with the feature and enable it confidently in accordance with their organization’s security posture.
Safeguards
- Explicit Provisioning Required: All forms that are made into Public Webforms must be explicitly activated by an application admin or system admin. Only data fields explicitly included in the form itself will be visible to public (non-authenticated) users. Logs for Public Webform activation/deactivation are accessible to TrackVia engineering as needed.
- Bot Mitigation: All Public Webforms are enabled with reCAPTCHA v3 to prevent fraudulent or bot-initiated submissions.
- Encryption in Transit: All data entered into Public Webforms is transmitted to the database via TLS 1.2 or higher to prevent interception or packet sniffing.
- Webform Validation: All Public Webform URLs contain a complex cryptographic hash utilized by the database to verify the validity of submissions before writes are committed to the database and to prevent URL path enumeration.
- Malicious Attachment Blacklisting: Image and document attachments can be uploaded via Public Webforms if a use case warrants unlicensed users needing to attach such documents. TrackVia maintains an active blacklist of potentially malicious filetypes that will not be accepted by the database.
- Rate-limiting & IP Tracing: TrackVia Operations maintains observable rate-limiting to prevent distributed denial-of-service attacks and has the ability to trace all write requests to a geographic region via IP tracing.

Configuration Best Practices
Even with the measures outlined here, it is possible that an unwanted submission may be made to your TrackVia table via an enabled Public Webform. For this reason, it is always best practice to enable Public Webforms on dedicated data ingestion/staging tables for review and sanitization as necessary before data is integrated into reporting and workflows. Alternatively, ensuring that notifications are configured for write events on the target table receiving unlicensed submissions allows super-users to review submissions proactively on an ongoing basis.
V1.0 Update: 1/17/2024