What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    How does "secure form" work

    Asked by ctabor1 on February 01, 2012 at 04:28 PM

    What is that used for... Or what is it typically used for?  And how/when do you use it?  

    Does it keep info private that people fill out on your form?

    ALSO, is it the same thing as SSL?

     

    I noticed when I created a password protected report... that the https has a line through it.

    I don't think that has anything to do with the question I asked...

    But does that mean your "secure" is not really secure?

     

    Thanks!

    Christine

    protected secure ssl secure form https
  • Profile Image
    JotForm Support

    Answered by fxr on February 01, 2012 at 04:42 PM

    Hello Christine, 

    Secure forms are used for transmitting sensitive data between a client PC and a server. It means the data is encrypted and cannot be intercepted by a 3rd party. 

    Yes, SSL is the transport layer that provides the encryption. 

    ---

    Yes, when you see a strike through the https, this means the page contains at least one element that isnt on a secure server, possibly an image or if the report is embedded in a webpage , the website hosting the report may not be on a secure server. 

    Hope that helps. 

  • Profile Image

    Answered by ctabor1 on February 01, 2012 at 05:08 PM
    Thanks…

    So if I just select “secure” on the embed page prior to putting the form on the site, or if they go to the link, etc., then their info is protected?

    The reason I ask is because it is a medical intake form.
    Can someone tell when they fill it out, that it is secure, or should I put some copy on the form indicating that it is?
    Or do you have an image that demonstrates that automatically?

  • Profile Image
    JotForm Support

    Answered by fxr on February 01, 2012 at 05:24 PM

    Yes, clicking the 'secure' checkbox in the Embed form options will provide you with a URL for your form which makes use of a secure JotForm server. 

    The data transmitted with this form will then be encrypted between client and server, the data is 'protected' from any prying eyes that may be out there. 

    --

    If you provide someone with a secure URL for your form, their web browser will report the webpage/form as being 'secure', different browsers report this status differently e.g on Chrome:

     

     

    Not all web users will be savvy enough to know to look for that information, so it probably is worth making them aware of it somewhere on the form. 

     

    Our developers are currently working on an option where users who are making use of secure form URLs will be able to enable a 'Security Seal', an image that shows the secure nature of the form, but it isnt quite ready for release yet. 

  • Profile Image

    Answered by ctabor1 on February 01, 2012 at 05:45 PM
    Does this feature work for an free, not premium account also?


    Christine

  • Profile Image
    JotForm Support

    Answered by fxr on February 01, 2012 at 05:55 PM

    Yes, the only difference is the submission limits. 

    FREE: 10 SSL submissions per month

    PREMIUM: 1000 SLL submissions per month

  • Profile Image

    Answered by ctabor1 on February 01, 2012 at 06:46 PM
    Do you know if the secure form would be in compliance with HIPAA requirements – if in fact, they apply in this situation?
    (Patient intake health history form)

    Christine

  • Profile Image
    JotForm Support

    Answered by Mike_T on February 01, 2012 at 07:23 PM

    Hello Christine,

    It is possible to use JotForm in a HIPAA compliant way. Please take a look at the following thread:

    Are form submissions HIPPA compliant?

    Thank you!

  • Profile Image

    Answered by ctabor1 on February 02, 2012 at 08:27 AM
    Thanks, that is very helpful…

    However, is there a way to allow for downloads and viewing of the submission(s), without giving full access to jotform?
    I don’t want the client to inadvertently change the form or mess anything up.

    What are some solutions?

    Christine

  • Profile Image

    Answered by ctabor1 on February 02, 2012 at 08:56 AM
    Whoops… forgot to ask…
    The thread says to log INTO jotform using https... to create the form.

    What if the form is already created?
    Can I log in https… and make an edit and then it will change its level of security?

    I’m not sure I understood that part.

    Christine

  • Profile Image
    JotForm Support

    Answered by fxr on February 02, 2012 at 10:08 AM

    "However, is there a way to allow for downloads and viewing of the submission(s), without giving full access to jotform?"

    You can generate password protected reports but there is no way, at this time, to display them over a secure connection. 

    --

    Please continue to create ALL your forms on http://www.jotform.com . 

    When you create any form on JotForm, the secure version is automatically generated on https://secure.jotform.com. All that is you need to do is change is the URL that you distribute, a secure URL or a non-secure URL. 

    --

    Every form on JotForm has a unique ID. its an 11 digit number. You can just use this number to find the secure URL of your form. 

    e.g; say I have a form: http://form.jotform.com/form/20035308820

    Its unique ID is 20035308820.

    To find the secure version of that form. I only need to add that ID onto https://secure.jotform.com/form/

    So, my secure URL for the above form is https://secure.jotform.com/form/20035308820

     

    Thats ALL you need to do to use a secure URL for ANY form. 

     

    Hope that helps clarify things.

  • Profile Image

    Answered by ctabor1 on February 02, 2012 at 10:51 AM
    Is it secure when embedded?

    Christine

  • Profile Image
    JotForm Support

    Answered by fxr on February 02, 2012 at 11:11 AM

    It still technically is, but if you have it embedded on a non-https: webserver, the page wont report as being secure. 

    To inspire complete confidence in your forms users, you may be best linking people to the forms' JotForm URL from your website .

  • Profile Image

    Answered by sourapplerepair on August 18, 2013 at 02:04 PM

    I was doing some research on this same topic and wanted to add, it probably is not such a wise idea to use it embedded on a non-https domain or page for SSL's lack of any ability to do anything about man-in-the-middle type attacks in such cases.

     

    this means, it is possible for he who has the technical ability, to inject a 3rd party code to your page and be able to capture all the data in plain text before your data is actually at "client" end which would be your actual jotform url. so data > your site > man in the middle script > then jotform ssl > encryption > your protected data transfer > your email, database, whatever.

     

    and as suggested, try to use the pop up version of the form so it loads the jotform, and there you can display a secured by ssl seal, get https, and put a little explainer that this is your provider. jotform also now offers its own full source code server license which you can host on any domain you want, so it will look like this  https://www.upstreampehr.com/123456342formid

     

    hope this helps all othes who may come here like me look after ssl or hippa info on jotform

  • Profile Image
    JotForm Support

    Answered by jonathan on August 18, 2013 at 04:18 PM

    @ sourapplerepair

    Hi, thank you for sharing these information.

    Feel free to contact us  again anytime for any other concern.

    Thanks.