What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
Could you please tell us a bit more details in regards to your question?
Once we know more we would be happy to assist with the same.
I didn't mean to open a ticket, I was trying to search your Knowledgebase
for something that showed whether an embedded form that included a Stripe
transaction was secure on that page.
Oh OK, not sure how it became the ticket then :)
If you do not mind, I could still reply back to you on that :)
This would depend on the point of view and in general, the only way for it to be considered as truly secure, would be if the page you are embedding it on is opened on HTTPS.
If it is opened over HTTP - non secure protocol, the Stripe calls would still be made over HTTPS, however this would not offer a complete security and while you might read somewhere that it is enough, you will find others that say that it is not.
If you are opening a website over wifi, that would not be seen as secure (embedding form on HTTP website) since some data could be read and some other data could be changed easily along the way.
If you are opening a website (over HTTP) with embedding that calls for Stripe over your wired broadband connection and you are sure that there are no people listening (while the same applies as for wifi) you could say that it is secure.
In fact, the HTTP website is secure as long as someone is not listening in in any way.
As a rule of thumb, HTTPS is always better than HTTP.
To make a summary:
1. embedding a form to website accessed over HTTPS - great and safe - feel free to do it
2. embedding a form to website accessed over HTTP - not as safe, however people are doing it and some part of the data is still being sent in a safe manner (the one going to Stripe), however it would be possible to implement 'a listener' to the rest of the page.
* methods here do not play much of a difference, the protocol does
Hope this helps :)