How secure is the edit link of the submission?
Asked by Jon Eckstein on November 10, 2016 at 02:25 AM
I've been playing with the v4 builder and really liking it! I've been looking for a service that allows the user to go back and view/edit their answers at a later date as I'm building a fairly complicated form flow with multiple pages and multiple forms.
My question is the following:
I understand how the edit links work and I was able to get it working within an iframe which is great, but I'm a little worried about the edit links themselves. How secure are they?
If I'm a hacker and I want to get someone's jotform answers couldn't I just get lucky by entering the edit url in a browser:
where <some_random_number> is some random number that gets filled in via a script?
I hope that's clear, thanks for any help.
Thank you for the feedback about the new form builder.
As for the Edit URL, the numbers are open and if one can guess it, they should be able to get the data on the form. But I don't think someone should be able to guess the number considering its length. If that really matters to you, I'll be happy to send this to our backend team. Let me know.
It's not a matter of a human guessing it, it's a matter of someone writing a script that runs through a trillion numbers and gets it.
Yes, please send to the backend team as I'm wondering if there's an added layer of security that can be put in place like requiring a header with a client key or something similar.
Security and confidentiality of our users while using JotForm are the most important fundamentals that we care about. Since you have come to us with a concern about these matters, we will be glad to be working on this and make all the necessary fixes possible.
I am now forwarding this concern of yours to our developers and you will be notified when they come up with a solution for it.
Please contact us whenever you need assistance. We will be glad if we can be of any help.
Are there any updates on this issue? I would really love to implement an embedded Jotform solution into an app I'm working with. But the risk of data exposure with the current edit endpoints isn't workable, I'll be dealing with a lot of sensitive data.
Thanks for any help.
Hi again Jon,
The issue has already been forwarded to the related team. However, I am not able to provide a timeframe since it completely depends on the current workload of the team. We will let you know as soon as there is an update about this issue.
Thank you for contacting us.
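Added example, not part of the original thread and not JotForm's code or API: one way to add the extra layer asked about above is to make the edit link carry a server-computed HMAC tag, so knowing or guessing the submission number alone is not enough. The secret, function names, token layout and the ID-space figures are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import time
from typing import Optional

# Assumption: a secret held only by the backend (constructed demo value).
SECRET = b"constructed-demo-secret-rotate-in-real-use"


def guesses_for_half_chance(id_space: int, live_ids: int) -> float:
    """Random guesses needed for a 50% chance of hitting ANY live ID.

    Shows why ID length alone is a weak defence: the cost scales with
    id_space / live_ids, not with id_space.
    """
    p = live_ids / id_space
    return math.log(0.5) / math.log1p(-p)


def sign_edit_link(submission_id: str, expires_at: int) -> str:
    """Build '<id>.<expiry>.<tag>'; IDs are assumed to contain no dots."""
    msg = f"{submission_id}.{expires_at}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{submission_id}.{expires_at}.{tag}"


def verify_edit_link(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the submission ID if the token is authentic and unexpired."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # a bare submission number is rejected here
    sid, exp, tag = parts
    if not (exp.isascii() and exp.isdigit()):
        return None
    expected = hmac.new(SECRET, f"{sid}.{exp}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    current = int(time.time()) if now is None else now
    if current > int(exp):
        return None
    return sid
```

With an assumed space of a trillion IDs and a million live submissions, `guesses_for_half_chance` returns roughly 693,000, while a forged token has to match a 256-bit tag that cannot be computed without the secret.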