- iStoreAsked on July 18, 2011 at 01:36 PM
The form is password protected (by entering your password and clicking 'next' it takes you to the next page with the actual form detail).
The use case is: Manager 'A' enters password and clicks to next page and enters some of the form data and submits. An email is sent to Manager 'A' and 'Human Resources' and Manager 'B'.
Human Resources clicks the edit link to add more detail. The edit link takes them to the first page with the password field. Here's the problem - The password field is already populated with the password that Manager 'A' entered originally. Human Resources doesn't need to enter their own password, they can simply click 'Next'.
This issue makes the form not very password protected.
Please help. I've attached a screenshot of the page that loads by clicking the edit link in the notification email.
I'm using Safari Version 5.0.5 (6533.21.1)
- JotForm SupportNeilVicenteAnswered on July 18, 2011 at 02:24 PM
I am sorry but I do not think there is any workaround to this. The password field is considered a part of the form submission entry, thus, the value entered into the password field is also loaded when the submission entry is being edited through the edit link.
There is no way to clear the password field's content, as least none to my knowledge. Perhaps some other member of our support team can give their two cents regarding this.
- iStoreAnswered on July 18, 2011 at 04:23 PM
Thanks for your rapid response Neil. I would like to get a more definitive answer from another support person as this seems a bit ridiculous that the password field would retain the password. This seems to negate the value of the password feature as a security measure.
- JotForm SupportNeilVicenteAnswered on July 19, 2011 at 01:36 AM
No offense but I do not think that loading the password in an edit link is ridiculous since the edit link is a private page - no one will have access to the edit link unless you give it to them via autoresponders and notification mails.
I mean, if you're giving a person permission to edit the submission entry, loading up the password in the entry shouldn't be a problem with regards to security, since the password is used for accessing the blank form, no?
- iStoreAnswered on July 19, 2011 at 02:46 AM
Holy CRAP!!! I just had a friendly Jotform user point out that the passwords on your forms shows up in the source code on your page. He looked mine up in the source code and sent me a friendly notice via my own form. The passwords are listed right there. No hacking skills required. What the heck Jotform???? You've got to be kidding me? And you tout government level encryption? First graders could figure this stuff out (I'm embarrassed to say).
Don't get me wrong, your product is very nice...until now. I feel so violated now...
- BorisAnswered on February 27, 2016 at 07:09 PM
@nlazarre, as you are responding to an old thread, your question has been moved to a new thread:
We will be supporting you with it there, shortly. Thank you.