Hi all I just discovered netlify today and was looking and reading about netlify forms, as well as, the captcha function that is available. I saw the features whereby forms submissions would be automatically submitted to netlify dashboard where it can be reviewed. I would like to ask if there are any functions to prevent that from happening whereby the forms would not be submitted to the dashboard, is there an option for that?
This is because I would like to use this netlify function on my sign up and login forms which contains sensitive data such as password on my website which I wouldn’t want it to be appearing in the netlify dashboard. Thank you for taking the time to read my question.
Hi kylesloper, thank you for your fast reply. I am thinking if it would be a security issue? Sorry if I am asking a stupid question but if it is a form for signing up to my website and the form contains the login details to my website, wouldn’t it be considered as insecure as every forms submitted by users will be available in the dashboard because website administrators are not supposed to know every user’s password? Or am I understanding it wrongly?
I did think of that but then again surely you want the data collected in some way. As far as I’m aware the Forms UI is just ran on the API so I guess you could use js to stop it but then again it wouldn’t get sent to the API in the first place and the data would be missing altogether.
That’s correct. It would be a security issue. However, why do you need a form in which you are collecting passwords to be converted to a Netlify form? Netlify won’t collect data from all the forms on your website, it’ll just collect data if it finds a Netlify-valid markup.
It would be helpful or you to walk us through what you are trying to achieve, it sounds like your talking about clients passwords but I don’t know why you would collect them through an input that is sent to the forms API.
I would like to use the netlify captcha and honeypot functions in it actually.
If it is impossible to not send it to the dashboard, I guess I have no choice but to use netlify serverless functions to integrate the captcha myself instead.
Ah alright. To summarize it, I have a website where only registered users can use certain features of the website. I would like to implement the captcha in my sign up form to prevent spams and bots. My website is a static website therefore I have no server and was looking into severless functions and I found netlify. I saw netlify provided the option to create forms with captcha, so I was thinking of using netlify to handle the sign up form instead. However the forms will get send to dashboard, so now I am thinking of just using and implementing netlify severless functions instead of using the default netlify form.
Well, with Netlify forms, you’d anyways be capped at 100 submissions per month and I don’t think what you’re planning to do needs the additional payment. You can simply integrate Google ReCaptcha with any form you create.
I see so I just have to use the netlify serverless functions to capture the response back from Google? In that way it won’t get submitted to the dashboard already since I am integrating it myself. Thank you for the answer and sorry for causing confusion with my enquiries.
No you shouldn’t… In fact I’ve got an even better solution for you. Role Based access control.
Netlify Identity (another service by Netlify) is a built in authentication platform for your site. I would recommend checking up on the docs regarding Identity and reading through the threads we have here explaining how role based access control works.
I’ll give you a quick run down of the process:
User signs up with Identity form on your site
Their user is logged in the Identity tab in the UI
You assign roles to that user lets say “admin”
You make a rule in your site code saying that only users with the role of “admin” can access “example.html”
I’ll attach those resources that you should look at in the mean time
Ah, my bad if I was unclear. I just want to integrate Google’s recaptcha to ensure the user is not a bot. So I just want to capture the response back from Google because based on google documentations about the recaptcha it cannot be done on client side. I don’t want to capture any data from my input in the form because authentication is done by firebase in my website.