This forum is no longer open and is for reading/searching only.

Please use our new MachForm Community Forum instead.

MachForm Community Forums » MachForm 2

hiding form number in URL

Started 15 years ago by zim | 16 posts |


  1. zim
    Member

    I notice the hosted form is accessed with a URL similar to:

    http://www.appnitro.com/demo/view.php?id=6

    A user can potentially fill out other forms (some sensitive) by changing the id in the URL. Can view.php be called with POST instead of GET?

    Or, what about using a GUID type number for the forms? It would be a lot harder to guess '1032-AE80-107362788158787616-A732' than '6'

    Posted 15 years ago #

  2. donflor
    Member

    use the embed feature?

    Posted 15 years ago #

  3. yuniar

    Yes, using the embed code (particularly the Advanced Embed Code), you can hide the URL to your form.

    If you have very sensitive form, I suggest to make it password protected. Simply go to your form properties and set the password.

    MachForm Founder

    Posted 15 years ago #

  4. bjose
    Member

    Wondering if there is a (not-so-difficult) way to replace numeric form IDs with GUIDs by modifying the code base?
    Thanks!

    Posted 12 years ago #

  5. yuniar

    I'm afraid there is no easy way to do this, since the ID is pretty much a core to the engine.

    MachForm Founder

    Posted 12 years ago #

  6. williamansley
    Member

    Would it be possible to keep the simple numeric form ids for internal use by the application and add a new column to the table to associate each one with a GUID, and then use the GUID to create the URL for the form? We just had apparently had an incident where a student found a form under development that was active but not linked to from any page on our web site and filled it out and submitted it. We would prefer not to embed our Machforms, but it is beginning to look as if we may have to.

    I would be very grateful if you would keep this idea under consideration as a new feature for a future version of Machform.

    Posted 12 years ago #

  7. yuniar

    Eventually, we're looking forward to that. At this moment we're currently focusing with few other stuff.
    If you have sensitive form and don't want to be accessed by anyone, I suggest to set password for you form.

    MachForm Founder

    Posted 12 years ago #

  8. bjose
    Member

    Glad to hear you are looking to include this functionality in the near future. I agree with williamansley - we cannot have forms out in the wild where it's pretty easy to get access to another form that's not intended for a specific audience as the form identifiers are integers that are sequentially generated.

    This is more of a "requirement" than an "option", and using a password to protect forms is not always an option when we send form links to clients.

    Posted 12 years ago #

  9. groovybluedog
    Member

    I would like a permanent way to hide the form number in the URL. Personally, I would like to see personalised URLs - as in if I call a form "Registration Form", I would like to see "registration-form" in the URL rather than the ID. I totally agree with the purpose of this thread.

    Posted 12 years ago #

  10. TimHines
    Member

    where is the "Advanced Embed Code?" I don't see that written any where.

    I also agree with groovy, that would be a great feature!

    Posted 12 years ago #

  11. williamansley
    Member

    @TimHines: I believe yuniar was inadvertently using terminology from Machform version 2. In Machform version 3 the "Advanced Embed Code" is now called the PHP Embed Code, if I am not mistaken. Here is a link to the documentation on it:

    http://www.appnitro.com/doc-form-code#using-php-embed

    As far as password protecting a sensitive form, this leaves the problem of getting the password out securely to everyone who needs it. If the password for a form could be tied into an LDAP, then this would solve that problem, assuming that only people who already have logon credentials in a given organization will need to fill out the form. I will submit a new feature request post for this.

    Posted 12 years ago #

  12. yuniar

    TimHines -- that was my post 3 years ago :-) As for now (v3), you can use the PHP Form File or PHP Embed Code option to create custom URL for your form.

    MachForm Founder

    Posted 12 years ago #

  13. voodoo
    Member

    I would like to see friendly URLs as well. This has my vote. :)

    Posted 12 years ago #

  14. budapestguide
    Member

    Another vote for friendly pretty URLs

    Posted 11 years ago #

  15. maperformance
    Member

    Are SEO friendly URL's not going to happen directly in MachForm? I'd like to see it happen for sure.

    Posted 10 years ago #

  16. ringo
    Member

    I also add my vote for being able to assign a personalized ID to the form.

    Posted 10 years ago #

RSS feed for this topic

Reply