What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    WorldPay Integration: MD5 Secret for Transactions and Signatures for WordPay security standards

    Asked by BioMEXSolutions on September 09, 2014 at 09:46 AM

    My ticket also mentioned the a concern about MD5 Secret for Transactions and Signatures, this makes sure that the form is secure to WorldPay standards. 

    Specifically, MD5 Secret for Transactions ensures that the amount to be paid can't be tinkered in the process of it being sent to WorldPay for example.

    What are the chances of this being improved on? My client is an institution and they are very keen to keep to the security requirements specified by their organisation. 

    Thanks in advance!

  • Profile Image
    JotForm Support

    Answered by Welvin on September 09, 2014 at 11:57 AM

    Hi,

    I have now forwarded this thread to our developers. The most possible way for now in order to secure your form is to use our SSL feature. You can add this feature to your form direct URL or when you embed it to your website. Please refer to this guide: http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions.

    Our developers would update this thread about the requested enhancements. They would decide about it.

    Thank you!

  • Profile Image
    JotForm Support

    Answered by NeilVicente on October 17, 2014 at 04:26 AM

    @BioMEXSolutions

    We have implemented an alternate solution for WorldPay's MD5. 

    The redirection will now be processed directly from the form itself, thereby preventing exposure of the transaction variables. This makes the form more secure as there would be no way for the end-user to tinker with the transaction.

    Kindly check out this new change and let us know what you think.

    Best regards