- JotForm SupportKiranAnswered on August 24, 2016 at 02:18 PM
- Christian FisetteAnswered on August 24, 2016 at 02:38 PM
That would be better, but are files uploaded ONLY to Google/Dropbox ? As files.jotform.com does not support authentication or encryption, uploaded files stored there are only secured through not knowing its url (i.e. not much at all).
In some of our usecase, some sensitive information can be inside documents, and we can't have those files stored in files.jotform.com, even for a short period of time. That's sad, because the protection on form data (other than uploded files) is rock solid.
I understand that client-side encryption of files can be tricky, but can we have at least authentication on jotform file servers ?
- JotForm SupportKiranAnswered on August 24, 2016 at 02:58 PM
Please be noted that we use Amazon S3 services to store the files which is secured. You may refer to the FAQs of Amazon S3 services security for more information. The submissions received to the form can be accessed only when you are logged in to your JotForm account. Also, the Form IDs or submission ID are impossible to guess to see any submissions or files uploaded.
The submissions or the files uploaded will be stored in the JotForm servers and then uploaded to Google Drive or Dropbox. If you do not want the submissions to be stored in JotForm servers, it is required to delete them manually. Unfortunately, there is no workaround for this at the moment. Since the issue with the encryption using the file uploads is forwarded to our backend team already, we hope it will be implemented soon. We cannot provide you any ETA in this regard, but you'll be posted on the other thread if there is any update.
- JotForm SupportBDAVIDAnswered on November 02, 2016 at 12:27 PM
Update: you can now secure your uploaded files even more by making the links only accessible when you are logged into your JotForm account, please check this post for more information: https://www.jotform.com/blog/259-Keeping-Your-Uploads-Secure