- rwaldenjr Asked on January 13, 2018 at 07:04 PM
I'm trying to understand JotForm's "recommended" use of "workarounds" for compliance with JotForm's Terms, and yet not have my pages flagged by your password and phishing filters. My site collects users' personal information and financial data. I've read that even your workaround security measures are visible in the source code. Does that apply to security words that are obfuscated as well?
I'm concerned about not being in compliance with Federal legislation regarding protection of clients' data, especially if reasonable password protection isn't available! With tougher legislation in the works to combat recent high-profile data breaches, not to mention the previous rules regarding financial transactions (i.e., Sarbanes-Oxley, the Gramm-Leach-Bliley Act, FTC's Safeguards Rule, and a possible U.S. version of the EU's new General Data Protection Regulation), how do you recommend that we use your forms in an ethical and legal manner to conduct our business?
Thanks for your advice!
- JotForm Support EltonCris Answered on January 13, 2018 at 10:08 PM
If security is your main concern, the password protection workaround you've seen on the forum isn't best for you. It is not safe and secure since the password is visible in the source code.
Unfortunately, we do not have a password protection feature. If that's one you require, our best recommendation for now is to embed the form on your website where you have all the scope to implement security layers. You can also download your form source code if required.
I have also added your thread to our feature request list about this. We cannot guarantee its implementation, but once this is added in the future, you will be informed here.
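
The difference the answer points to, as an added example that is not part of the original thread or JotForm's code: the password check runs on your own server, so the page source sent to the browser never contains the password or anything derived from it. `FORM_EMBED_HTML`, the function names and the sample passphrase in the usage comment are assumptions made for illustration.

```javascript
// Added example: server-side gate for a page that embeds a form.
// All names and values below are hypothetical.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');
const http = require('node:http');

// Placeholder for your form's embed snippet (assumed value, not a real form URL).
const FORM_EMBED_HTML = '<iframe src="https://form.example.invalid/FORM_ID"></iframe>';
// What an unauthenticated visitor receives: no password, no hash, no embed markup.
const LOGIN_HTML =
  '<form method="post"><input type="password" name="pw"><button>Open</button></form>';

// Keep only a random salt and the scrypt hash on the server.
function makeRecord(password) {
  const salt = randomBytes(16);
  return { salt, hash: scryptSync(password, salt, 32) };
}

// Re-derive the hash from the submitted value and compare in constant time.
function verifyPassword(candidate, record) {
  const probe = scryptSync(String(candidate), record.salt, record.hash.length);
  return timingSafeEqual(probe, record.hash);
}

// Pure decision function: what the server sends back for a given request.
function respond(method, rawBody, record) {
  if (method !== 'POST') return { status: 200, html: LOGIN_HTML };
  const pw = new URLSearchParams(rawBody).get('pw') ?? '';
  return verifyPassword(pw, record)
    ? { status: 200, html: FORM_EMBED_HTML }
    : { status: 401, html: LOGIN_HTML };
}

// Wiring into Node's http server; call .listen(...) behind TLS to run it.
// e.g. createGate(makeRecord('constructed-sample-passphrase'))
function createGate(record) {
  return http.createServer((req, res) => {
    let body = '';
    req.on('data', (chunk) => {
      body += chunk;
      if (body.length > 4096) req.destroy(); // cap request size
    });
    req.on('end', () => {
      const out = respond(req.method, body, record);
      res.writeHead(out.status, { 'Content-Type': 'text/html; charset=utf-8' });
      res.end(out.html);
    });
  });
}
```

The gate withholds the embed markup from unauthenticated visitors; it does not protect the form's own URL if that URL is reachable directly. Sessions and rate limiting of password attempts are left out to keep the example short.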