What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Is the edit link unsecured?

    Asked by yonatann on April 20, 2016 at 08:59 AM

    Hi,

    I note that each submittion is editable via the URL: https://www.jotform.com/edit/{submissionID} without requesting any authentication details from the visitor.

    Is it so in all forms automtaically? is there a way to prevent this?

    Best,
    Yonatan Goldberg

    edit link JotForm www editable all
  • Profile Image

    Answered by Huberson on April 20, 2016 at 10:58 AM

    Hello Yonatan Goldberg,

    The submissions are in fact editable via the URL you mentioned above but the submissions IDs are not in a 1-2-3 way so they can be easily guessed and used by anyone with that link to edit a submission.

     

    Hope that answer your concern.

     

  • Profile Image

    Answered by yonatann on April 21, 2016 at 08:26 AM

    Thanks for the kind support.

    Please only confirm that I can trust the URL "https://www.jotform.com/edit/{submissionID}" to be accessible to everyone (if they know the address of course...) for editing. True?

  • Profile Image

    Answered by Huberson on April 21, 2016 at 11:07 AM

    Since the URL is sent by email if you set an Autoresponder email, the submission can be edited by that person receiving the email with the 'edit link'.

    To answer your question again, yes it is accessible without being logged in because someone submitting your form should not have to log in just to edit their submission using the 'edit link' from the email sent via Autoreponder.

    But, to access and edit a submission someone need the ID, which can be accessed from your account under submissions page or from the email account of the person who made this specific submission. 

    So people can only access a specific submission only if they have found the specific ID for that submission.

    I would suggest you add the 'Edit Link' in the Autoresponder email only if you want to grant people access to edit their entries after a submission has been made.