What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
How does "secure form" workAsked by ctabor1 on February 01, 2012 at 04:28 PM
What is that used for... Or what is it typically used for? And how/when do you use it?
Does it keep info private that people fill out on your form?
ALSO, is it the same thing as SSL?
I noticed when I created a password protected report... that the https has a line through it.
I don't think that has anything to do with the question I asked...
But does that mean your "secure" is not really secure?
Secure forms are used for transmitting sensitive data between a client PC and a server. It means the data is encrypted and cannot be intercepted by a 3rd party.
Yes, SSL is the transport layer that provides the encryption.
Yes, when you see a strike through the https, this means the page contains at least one element that isnt on a secure server, possibly an image or if the report is embedded in a webpage , the website hosting the report may not be on a secure server.
Hope that helps.
So if I just select “secure” on the embed page prior to putting the form on the site, or if they go to the link, etc., then their info is protected?
The reason I ask is because it is a medical intake form.
Can someone tell when they fill it out, that it is secure, or should I put some copy on the form indicating that it is?
Or do you have an image that demonstrates that automatically?
Yes, clicking the 'secure' checkbox in the Embed form options will provide you with a URL for your form which makes use of a secure JotForm server.
The data transmitted with this form will then be encrypted between client and server, the data is 'protected' from any prying eyes that may be out there.
If you provide someone with a secure URL for your form, their web browser will report the webpage/form as being 'secure', different browsers report this status differently e.g on Chrome:
Not all web users will be savvy enough to know to look for that information, so it probably is worth making them aware of it somewhere on the form.
Our developers are currently working on an option where users who are making use of secure form URLs will be able to enable a 'Security Seal', an image that shows the secure nature of the form, but it isnt quite ready for release yet.
Does this feature work for an free, not premium account also?
Yes, the only difference is the submission limits.
FREE: 10 SSL submissions per month
PREMIUM: 1000 SLL submissions per month
Do you know if the secure form would be in compliance with HIPAA requirements – if in fact, they apply in this situation?
(Patient intake health history form)
It is possible to use JotForm in a HIPAA compliant way. Please take a look at the following thread:
Thanks, that is very helpful…
However, is there a way to allow for downloads and viewing of the submission(s), without giving full access to jotform?
I don’t want the client to inadvertently change the form or mess anything up.
What are some solutions?
Whoops… forgot to ask…
The thread says to log INTO jotform using https... to create the form.
What if the form is already created?
Can I log in https… and make an edit and then it will change its level of security?
I’m not sure I understood that part.
"However, is there a way to allow for downloads and viewing of the submission(s), without giving full access to jotform?"
You can generate password protected reports but there is no way, at this time, to display them over a secure connection.
Please continue to create ALL your forms on http://www.jotform.com .
When you create any form on JotForm, the secure version is automatically generated on https://secure.jotform.com. All that is you need to do is change is the URL that you distribute, a secure URL or a non-secure URL.
Every form on JotForm has a unique ID. its an 11 digit number. You can just use this number to find the secure URL of your form.
e.g; say I have a form: http://form.jotform.com/form/20035308820
Its unique ID is 20035308820.
To find the secure version of that form. I only need to add that ID onto https://secure.jotform.com/form/
So, my secure URL for the above form is https://secure.jotform.com/form/20035308820
Thats ALL you need to do to use a secure URL for ANY form.
Hope that helps clarify things.
Is it secure when embedded?
It still technically is, but if you have it embedded on a non-https: webserver, the page wont report as being secure.
To inspire complete confidence in your forms users, you may be best linking people to the forms' JotForm URL from your website .
I was doing some research on this same topic and wanted to add, it probably is not such a wise idea to use it embedded on a non-https domain or page for SSL's lack of any ability to do anything about man-in-the-middle type attacks in such cases.
this means, it is possible for he who has the technical ability, to inject a 3rd party code to your page and be able to capture all the data in plain text before your data is actually at "client" end which would be your actual jotform url. so data > your site > man in the middle script > then jotform ssl > encryption > your protected data transfer > your email, database, whatever.
and as suggested, try to use the pop up version of the form so it loads the jotform, and there you can display a secured by ssl seal, get https, and put a little explainer that this is your provider. jotform also now offers its own full source code server license which you can host on any domain you want, so it will look like this https://www.upstreampehr.com/123456342formid
hope this helps all othes who may come here like me look after ssl or hippa info on jotform
Hi, thank you for sharing these information.
Feel free to contact us again anytime for any other concern.