What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Major security concerns, widgets are asking for credentials in non secure URLs

    Asked by mckeeto on February 26, 2016 at 05:07 PM

    Just signed up to test out your service. Was attracted by the ease of use and the available plugins. I will not be using the service however--you have major security vulnerabilities. When I went through the app integration process for Salesforce, I was prompted to enter my credentials. You are asking for these credentials on an unsecured web page and passing them (including password) in the clear. Its only a matter of time until someone hacks that connections (assuming they haven't already). A simple traffic sniffer would be able to get all users credentials for other sites. Major concern. 

    app all and traffic
  • Profile Image
    JotForm Support

    Answered by Kevin_G on February 26, 2016 at 05:31 PM

    Thank you for letting us know that, it is very important for us to get that info from our users.

    However, I did test the integration and it loads over a secure URL. 

    Could you share us a screenshot about what you see on your end please? 

    This guide will help you to upload it: https://www.jotform.com/answers/277033-How-to-add-screenshots-images-to-questions-in-support-forum

     

  • Profile Image

    Answered by mckeeto on February 29, 2016 at 09:45 AM
    I believe it loads over a secure URL *if* you are already on one. What I
    see is attached. As you can see, it is requesting my SFDC creds over HTTP.
    [image: Fairfax Athletics]
    Tyler McKee / Head Referee & Trainer
    tyler@fairfaxathletics.com / 703-470-9649
    Fairfax Athletics
    www.fairfaxathletics.com
    [image: Twitter] [image: Facebook]
    [image: Instagram]
    [image: Wordpress]

    ...
  • Profile Image
    JotForm Support

    Answered by Kevin_G on February 29, 2016 at 10:59 AM

    Unfortunately, your image did not reach this thread. Please follow this guide to upload your image: https://www.jotform.com/answers/277033-How-to-add-screenshots-images-to-questions-in-support-forum

    I have tested trying to load our URLs over a non-secure URL(HTTP) and it redirects to a secure one (HTTPS).

    Please share us the screenshot about what are you seeing in your end, we will check that and other widgets that work in the same manner.