Announcement

Collapse
No announcement yet.

Security of Form Developed By Click and Pledge

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security of Form Developed By Click and Pledge

    Hi,

    A client is submitting a design file to Click and Pledge to build out a donation form. Understanding that this form will be delivered back in HTML so that it can be embedded as an iframe, will it be secure? I assume it will since the form is being hosted on the CP server.

    Does the page of the client's site that the form lives on need to be secure in order to process data? AKA would we need to purchase a separate SSL Certificate for our hosting?

    I'm noticing that this site in particular is not secure where confidential information is being passed along: http://www.tostan.org/donate

    This looks as though it was an iframe developed by Click and Pledge. Please advise as to whether an SSL Certificate needs to be purchased and implemented on the client's server (not Click and Pledge's server). Thanks.

    Patrick

  • #2
    Good day Partick,

    Our client services department works with clients that wish to have forms built per their design. As part of this service we also host the form on our servers. These forms are all hosted securely and the only way to access the forms is through HTTPS:// (SSL). Our API simply rejects and posts that originate through insecure connection.

    The site you are referring to is a client's site that is iframing the form on their site. We ask all clients to add an SSL key to their site for cosmetic reasons so the donors see the SSL and get the feeling of "security" given the visual of SSL lock on the browser. The form is IFRAME and is secure so regardless of the appearance of the form externally the post is secure. I hope that makes sense.

    When the IFRAME is secure it does not matter where it is hosted as the communication is between the IFRAME and the server & all information is done through a secure handshake.

    We highly, highly, and highly recommend that our clients secure their page to appear secure to the donors. As for the SSL purchase we typically use http://servertastic.com for purchasing the SSL key as they provide good pricing.

    Please let us know if we can be of any further assistance.
    Regards,
    Click & Pledge Support Department

    On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

    Join us @ the educational webinars: https://clickandpledge.com/webinars/
    Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
    Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

    Comment

    Working...
    X