the Jotform example on jotforms with a password, and how to make this safer

  • Profile Image
    ebizz
    Asked on February 03, 2011 at 05:07 AM

    Hi Aytekin,

    We have read all your comments on hw to include a password in a jotform so that submit can only work if the correct static password is entered. You also mentioned that this is not a 100% safe system as the password itself can be seen in that jotform source code (which the viewer of the jotform can easily analyse)

    I have another case and perhaps this is safer. In fact our jotform is not to be submitted by a website visitor, but by ourselves : we use a jotform to fill in ourselves information that needs to go into the email also inputted into that form, so that this email gets an autoresponder email containing the info we submitted.

    to explain the exact use :

    we input in a jotform contractual terms, and upon submission, the customer gets a autorespond email with all this info (in fact this is now a contract in an email)

    In the email the customer will receive, he can see in the header of the autoresponder email 2 items :

    1) the jotform form ID mentioned onits own

    2) and jotform.com

    if somebody is clever enough, he can figure out that this form (whihc he's not supposed to be able to access, is located on www.jotform.com/formID

    Is ther any way the header info can NOT include the form ID ?

    This way a receiver of an autoresponder can not find out what the original form number was, adn can therefore not fill in the submit himself (because the form is only for our own use)

     

    Thanks in advance for your time spend on this answer, and keep Jotform growing !!!!

     

     

     

     

     

     

     

     

     

     

  • Profile Image
    aytekin
    Answered on February 03, 2011 at 05:25 AM

    I think you mean the X-Related-FormID header on the emails. No, we cannot remove that since we use that for debugging purposes.

  • Profile Image
    mirou795
    Answered on June 03, 2012 at 10:04 PM

    <script type="text/javascript" src="//form.myjotform.com/jsform/21547830051548"></script>