- michael.roweAsked on June 24, 2015 at 12:40 PM
Serious Security Concerns about JotForm
I've had to recently switch from formscentral, and after becoming a premium member and working with JotForm for a while, I have some serious security concerns with the current requirement of manually typing in https to access the site securely.
1. I do not appreciate that my user name and password are transmitted in un-encrypted plain text when I login to JotForm. At a minimum, at least submit my login information over HTTPS and then redirect me to HTTP with some kind of session token.
2. Ideally all form submissions should be submitted and viewed by default over HTTPS at least for paid members. If that's not possible, there should at least be an option to force SSL at the account level and/or form level. It completely defeats the purpose if you have the form information being submitted securely, but then have the submissions being viewed un-securely.
3. If neither of these options are doable, at least put a clear link somewhere like "Go to Secure Site." The average user can't tell you the difference between http and https so to think that they are going to remember to manually type in https every time is not a good option.
Thank you for your consideration of these concerns.
- JotForm SupportMikeAnswered on June 24, 2015 at 02:25 PM
Thank you for contacting us.
We appreciate your input. I have attached a feature request ticket to this thread about enabling/implementing a force SSL option. The ticket has been forwarded to our Development Team for consideration.
Unfortunately, I cannot provide any ETA for when it will be implemented, but we will let you know if we have any updates.