

  • How secure is the edit link of the submission?

    Asked by Jon Eckstein  on November 10, 2016 at 02:25 AM

    Hi JotForms,

    I've been playing with the v4 builder and really liking it!  I've been looking for a service that allows the user to go back and view/edit their answers at a later date as I'm building a fairly complicated form flow with multiple pages and multiple forms.  

    My question is the following:

    I understand how the edit links work and I was able to get it working within an iframe which is great, but I'm a little worried about the edit links themselves.  How secure are they?

    If I'm a hacker and I want to get someone's JotForm answers, couldn't I just get lucky by entering the edit URL in a browser:

    https://form.jotform.com/edit/<some_random_number>

    where <some_random_number> is some random number that gets filled in via a script?

    I hope that's clear, thanks for any help.

    -Jon

  • JotForm Support

    Answered by Welvin on November 10, 2016 at 02:34 AM

    Thank you for the feedback about the new form builder.

    As for the Edit URL, the numbers are open and if one can guess it, they should be able to get the data on the form. But I don't think someone should be able to guess the number considering its length. If that really matters to you, I'll be happy to send this to our backend team. Let me know. 

  • Answered by jeckstein on November 10, 2016 at 03:44 AM
    It's not a matter of a human guessing it, it's a matter of someone writing
    a script that runs through a trillion numbers and gets it.
    Yes, please send to the backend team as I'm wondering if there's an added
    layer of security that can be put in place like requiring a header with a
    client key or something similar.
    Thanks.

  • JotForm Support

    Answered by owen on November 10, 2016 at 03:55 AM

    Hi Jon,

    Security and confidentiality of our users while using JotForm are the most important fundamentals that we care about. Since you have come to us with a concern about these matters, we will be glad to work on this and make all the necessary fixes possible.

    I am now forwarding this concern of yours to our developers and you will be notified when they come up with a solution for it. 

    Please contact us whenever you need assistance. We will be glad if we can be of any help. 

  • Answered by jeckstein on November 16, 2016 at 12:44 AM
    Hi Owen,
    Are there any updates on this issue? I would really love to implement an
    embedded Jotform solution into an app I'm working with. But the risk of
    data exposure with the current edit endpoints isn't workable, I'll be
    dealing with a lot of sensitive data.
    Thanks for any help.
    -Jon

  • JotForm Support

    Answered by owen on November 16, 2016 at 01:51 AM

    Hi again Jon,

    The issue has already been forwarded to the related team. However, I am not able to provide a timeframe since it completely depends on the current workload of the team. We will let you know as soon as there is an update about this issue.

    Thank you for contacting us. 

    Kind Regards
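
The thread turns on whether a numeric ID in the URL is enough to authorize an edit. The sketch below is an added example, not part of the thread and not JotForm's code: it binds each edit link to a server-side HMAC tag so that knowing or guessing the ID alone does not open the submission, and it puts a number on the "length" argument. The host `forms.example`, the `t` query parameter, `SERVER_KEY`, and the 18-digit ID in the test are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret held only by the backend (hypothetical name).
SERVER_KEY = secrets.token_bytes(32)


def edit_token(submission_id: str, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 tag that ties an edit link to exactly one submission ID."""
    return hmac.new(key, submission_id.encode(), hashlib.sha256).hexdigest()


def edit_url(submission_id: str, key: bytes = SERVER_KEY) -> str:
    """Build the link handed to the submitter (URL layout is hypothetical)."""
    token = edit_token(submission_id, key)
    return f"https://forms.example/edit/{submission_id}?t={token}"


def authorize_edit(submission_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """Server-side check: accept the request only if the tag matches the ID.

    compare_digest runs in constant time, so response timing does not
    reveal how many leading characters of a forged tag were correct.
    """
    expected = edit_token(submission_id, key).encode()
    return hmac.compare_digest(expected, token.encode())


def expected_guesses(id_digits: int, live_submissions: int) -> float:
    """Average number of uniformly random IDs tried before one is valid.

    With an ID-only link the defender's margin is 10**digits divided by the
    number of live submissions, so it shrinks as the service grows.
    """
    return 10 ** id_digits / live_submissions
```

With the tag in place a correct ID is no longer sufficient, and the guessing space becomes that of a 256-bit MAC rather than the ID range; per-client rate limiting on the edit endpoint remains a useful second control.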