What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Feature Request: Protected Fields

    Asked by estaylorco on December 09, 2012 at 07:46 AM

    Hello Support,

    I'm in the processing of configuring Tectite's mail system as a JavaScript-disabled fallback to JotForm (I haven't deployed the form yet).  Acutally, I'm using progressive enhancement: I proceed on the assumption that Tectite will be used, but then upgrade the user to JotForm if JavaScript is enabled.

    But doing all of this revealed a problem of concern surrounding certain information that should be protected with a little more than just HTTPS.  By the way, we just signed up for the premium service and put our form under Secure Submission.  Tectite has an interesting approach, which I outline below as my suggestion, and then embellish.

    It would be nice to be able to specify certain fields as "protected."  If they're protected, JotForm would then place the content in a password-protected PDF or password-protected zipped-up text file (along the lines of 7zip), and attach that to notification emails (not autoresponder emails, though).  The PDF and text files could be templated, and the password(s) would be stored on JotForm's servers, encrypted.

    Later, this could become part of a JotForm-hosted encryption/decryption service for fields that are not only protected, but also encrypted.

    Until today, if in our contact form a user supplied a user name and/or password for an FTP site, for example, the information traveled in clear text over the wire.  We're using Secure Submission now.

    HERE'S WHAT WE'RE DOING IN THE MEANTIME...

    The user enters the user name and password (obfuscated) in a secure JotForm, but I leave these two items out of the notification and autoresponder templates.  I simply boilerplate some obfuscation into the templates.  In the notification email (but not in the autoresponder email), I include a link to our Submissions, which I made public.  That gives the user on our side of the fence the ability to log in, if he or she is authorized, to view Submissions history under JotForm's roof, wherein the user name and/password our end user supplied can be viewed.

    But having to go the Submissions public page could be a bit of a hassle.  It would be nice to have an email attachment.

    Just some thoughts...

    Page URL:
    http://www.cgpaint.com/contact.html

  • Profile Image
    JotForm Support

    Answered by jonathan on December 09, 2012 at 08:13 AM

    Hi,

    Your request feature have merit on it. A password type value in an input field is not encrypted and can be easily read as text only. This is easily seen on email notification fields value.

    Although a similar requested feature had been ticketed before, I will create a new ticket for your convinience.

    Any updates on this ticket will be posted here and you will be informed immediately about it.

    Thanks.