Form Lingo: SSL (Secure Sockets Layer)

Written by Formstack on January 6, 2012

Posted in IT + Security

This post is a part of the Form Lingo Blog Series that helps define popular words and phrases within the Formstack application. As a reiteration of the Formstack Support Docs, this series is a response to our customers’ frequently asked questions about particular features, setting options, field names, etc.

SSL or Secure Sockets Layer is a protocol for providing secure communications on the Internet. SSL provides for the authentication and encryption of traffic between your browser and Internet servers.

Here are a few frequently asked questions we receive about the SSL setting.

“Do I have to have SSL enabled on all of my forms?”
No, not on all forms. However, according to our terms of service, you MUST enable SSL if you are collecting sensitive data on your form, such as credit card or social security numbers.

“What other ways can I make my forms secure?”
If you plan on emailing yourself sensitive submission data via a notification email, you must also set up PGP (Pretty Good Privacy) with your email client. Setting up PGP can be a complicated process. An easy alternative would be to just not e-mail sensitive data to yourself.  Instead, create a custom notification email that includes all of the submitted data EXCEPT for the sensitive data such as credit card numbers. You can also just simply send yourself a link to the data. With either option, you can just log into your Formstack account to view the data when you receive submissions.

If you’re storing sensitive information in the Formstack database, you must set up data encryption on your form. When you turn on this security setting, you’ll be required to create an encryption password. We’re not able to recover this password for you so be sure to use something secure, but memorable.

“Will it still work if I embed the form on my website?”
SSL will still function if the form is embedded on your website. However, unless your web page is also using SSL, visitors to that page will get an error message. The error will say that the page contains both secure (the form) and insecure (the rest of your web page) elements. To prevent that error, you would need your web host to enable SSL on the page where you embed your form. The other option would be to link to the form rather than embed it.

“Why doesn’t the lock symbol show at the top of on my form?”
When this happens that means that your website is not secure, however that does not mean that the form itself is not secure. Again, it is possible to have a secure form on a non-secure page. This is why we put the “Secured by Formstack” symbol on the form. (See below.)

To make the lock appear, you must have an SSL certificate for your own website or link out to the form using the Formstack url provided.

Have more questions in regards to the SSL setting? Be sure to post them below! Need instructions on how to turn on the SSL setting within your forms? Click here for step-by-step instructions.