What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
How to force SSL connection to JotForm websiteAsked by michael.rowe on June 24, 2015 at 12:40 PM
Serious Security Concerns about JotForm
I've had to recently switch from formscentral, and after becoming a premium member and working with JotForm for a while, I have some serious security concerns with the current requirement of manually typing in https to access the site securely.
1. I do not appreciate that my user name and password are transmitted in un-encrypted plain text when I login to JotForm. At a minimum, at least submit my login information over HTTPS and then redirect me to HTTP with some kind of session token.
2. Ideally all form submissions should be submitted and viewed by default over HTTPS at least for paid members. If that's not possible, there should at least be an option to force SSL at the account level and/or form level. It completely defeats the purpose if you have the form information being submitted securely, but then have the submissions being viewed un-securely.
3. If neither of these options are doable, at least put a clear link somewhere like "Go to Secure Site." The average user can't tell you the difference between http and https so to think that they are going to remember to manually type in https every time is not a good option.
Thank you for your consideration of these concerns.
Thank you for contacting us.
We appreciate your input. I have attached a feature request ticket to this thread about enabling/implementing a force SSL option. The ticket has been forwarded to our Development Team for consideration.
Unfortunately, I cannot provide any ETA for when it will be implemented, but we will let you know if we have any updates.