- What is an online form?
- Can online forms hurt my website in any way?
- What is malicious code?
- Explain client-side validation.
- Are there any problems with client-side validation?
- Explain server-side validation.
- Are there any problems with server-side?
- Can I have speed AND security?
- Tell me about website-generated spam.
- Tell me about SPAM-bots.
- What is the worst thing that can happen with spam?
- Mailto does provide contact from my site, right?
- Can I hide my E-Mail address?
- What is a contact form?
- What if I have a contact form already?
- Some web designers think this is overkill.
- Explain what a Security Code (Captcha Code) is.
- Can you explain what SSL encryption is all about?
- When should a website use SSL?
- Do I need special hosting to have a ProFormPlus form on my website?
- What is an "Inline Frame"?
- Are there advantages to having the form as an Inline Frame?
What is an online form?
A form is like a key that gives access to an advanced programming function on a website. You use online forms all the time: when you log in or register, for online banking, in a contact form, for online reservations, mortgage calculators, etc. Maybe you have even used them to fill out a job application, order and pay with a bank card, or upload files and images. The uses for forms are almost endless.
Can online forms hurt my website in any way?
Forms enhance the functionality of a website and can even generate sales. But forms are a potentially vulnerable point where hackers can alter the functions of a website, unless the online form is checked (validated) properly for malicious code. ProFormPlus checks every form field for malicious code.
What is malicious code?
It is program code that gives instructions to make unwanted things happen on a website. Cross-site scripting (XSS) is when a hacker copies the content of your webpage, changes it, then puts it back in (this is simplified, of course). There are many other tricks too. Obviously, this can lead to all sorts of problems like lost sales and/or lost trust in the website. ProFormPlus uses client-side and server-side validation that checks for malicious code insertion.
Explain client-side validation.
When a site visitor (the client) submits an online form, it must be validated (or checked) to make sure all the fields are filled out correctly. Client-side validation is done with a programming language called "JavaScript", which has been installed on the client's computer. That is why it is so fast and interactive: all this happens before the form is sent to the server.
Are there any problems with client-side validation?
JavaScript is fast, interactive, and dynamic, but it is very unstable because it can be turned off on your computer (which many people do for various reasons). At that point, they lose the validation and the form won't be checked before being sent. Sometimes the form won't work at all.
Explain server-side validation.
Server-side means the validation programming is not displayed publicly. When data is validated server-side, it means the data is sent to the server, where the code is stored and the form is checked, then it gets sent back through the browser to the client. Server-side is safe because it can't be turned off and stable because it works on all browsers.
Are there any problems with server-side?
Since the validation happens at the server level, it takes a little longer.
Can I have speed AND security?
Yes. In ProFormPlus, we use client-side validation backed up by server-side validation. So forms can be completed fast, but will not allow any malicious code insertion if a hacker turns off the JavaScript. This also makes it stable, working on all computers and on all browsers.
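An added example (not ProFormPlus code) of the server-side half of this arrangement, written in JavaScript for Node.js: the server repeats every check regardless of what the browser already did. The field names, the length limits, and the control-character check on values that end up in mail headers are assumptions made for this illustration and go beyond what the page describes.

```javascript
// Server-side validation of a contact form submission (added example).
// Field names and length limits are assumptions for this illustration.
const LIMITS = { name: 80, email: 254, message: 2000 };

// Encode characters that are significant in HTML so stored or echoed input
// is displayed as text instead of being interpreted as markup.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// Validate on the server no matter what the browser already checked.
// Returns { ok, errors, clean } and never trusts the shape of the input.
function validateContactForm(body) {
  const errors = {};
  const clean = {};
  for (const field of Object.keys(LIMITS)) {
    const raw = body && typeof body[field] === 'string' ? body[field].trim() : '';
    if (raw === '') { errors[field] = 'required'; continue; }
    if (raw.length > LIMITS[field]) { errors[field] = 'too long'; continue; }
    clean[field] = raw;
  }
  // name and email end up in mail headers: no line breaks or control characters
  for (const field of ['name', 'email']) {
    if (clean[field] && /[\x00-\x1f\x7f]/.test(clean[field])) {
      errors[field] = 'invalid characters';
      delete clean[field];
    }
  }
  if (clean.email && !/^[^\s@<>]+@[^\s@<>]+\.[^\s@<>]+$/.test(clean.email)) {
    errors.email = 'invalid address';
    delete clean.email;
  }
  const ok = Object.keys(errors).length === 0;
  return { ok, errors, clean: ok ? clean : {} };
}

// Constructed sample submissions, as they would arrive with JavaScript disabled.
const good = validateContactForm(
  { name: 'Ann', email: 'ann@example.com', message: 'Hi <b>there</b>' });
const bad = validateContactForm(
  { name: 'x', email: 'a@example.com\r\nextra', message: '' });
console.log(good.ok, escapeHtml(good.clean.message));
console.log(bad.ok, bad.errors);
```

The same rules can also run in the browser for quick feedback, but only the server's result decides whether the submission is accepted.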
Tell me about website-generated spam.
Many websites display the E-Mail address in the webpage, using a default system called mailto to enable site visitors to contact them. The problem with this method is that it leaves the E-Mail address open for collection by SPAM-bots, and the address is passed on to advertisers. So the E-Mail system actually generates more spam than genuine contacts. Thus, website-generated spam.
Tell me about SPAM-bots.
SPAM-bots are automated software systems that search website code for E-Mail addresses. They are fast and efficient, requiring virtually no human intervention. They can race through the entire code of a website in seconds looking for E-Mail addresses only, which get passed on to advertisers.
What is the worst thing that can happen with spam?
Spam can be sent automatically, thousands at a time, which can overload your bandwidth. Spammers can even use your bandwidth to send spam to others. This can shut down your website. At that point, spam is more than a mild irritation.
Mailto does provide contact from my site, right?
The real irony of having mailto is that it is not usable by most website visitors because they don't know how to configure the SMTP on their browser. Don't feel bad if you don't know what that means. Most people don't. That's the point. So if they want to E-Mail you, they must go through a multi-step process to send a message: going off the site to their own E-Mail service, then copying and pasting into their compose page. Sending website visitors away from your site is a bad idea.
Can I hide my E-Mail address?
There are ways to hide your E-Mail address, but the options don't work on all browsers, and sometimes still use mailto, or force visitors off the site to make contact. The best way to hide an E-Mail address and still have contact from your site is to have a contact form.
What is a contact form?
A contact form is a way for a website to let a site visitor send an E-Mail to the site owner through the site, without having to go to an E-Mail provider (which involves log-in and passwords and is a multi-step process).
What if I have a contact form already?
A contact form will hide your E-Mail address. But to protect you from spamming that can shut down your site, it should also have a Security Code (Captcha Code) for ultimate security.
Some web designers think this is overkill.
If more web professionals were aware of the risks, or able to deal with them, then maybe website security wouldn't be the biggest concern on the Internet. The fact is, corporate AND non-corporate sites are being targeted for malicious activity by spammers and hackers.
Explain what a Security Code (Captcha Code) is.
The Security Code (Captcha Code) is a picture of letters and/or numbers that can't be read by software, but can only be read by a human. Because of that, it ensures that a human is filling out the form.
Can you explain what SSL encryption is all about?
SSL encrypts data so that a third person can't see the transmission. So far, so good. But it does NOT protect your site against malicious code. In fact, it is absolutely worthless without server-side validation. It only means that a hacker can transmit malicious code without any third party seeing it!
When should a website use SSL?
SSL is needed if you regularly transmit sensitive data, like bank card info or social security numbers. It does slow down loading time, and should not be used as a band-aid cure in place of secure programming. We offer SSL through Comodo.
Do I need special hosting to have a ProFormPlus form on my website?
No. First, we do not store the form data. One way is to put the form code on your website. For that, you need to have a server with PHP4 enabled. Or, you can have the form as an Inline Frame (also called a "remotely hosted form"), which requires no special hosting.
What is an "Inline Frame"?
It means that the form is being pulled from our site onto yours. The form, however, is on your webpage, so there is no break in the user's website use. In fact, they see your URL in the browser's address window and are still on the site after the form is submitted. You can also have the form code in your own website code.
Are there advantages to having the form as an Inline Frame?
ProFormPlus works the same either way. There is a price difference. The code-in-site option has a one-time fee and upgrades are offered for a minimal charge. The Inline Frame has a monthly fee and upgrades are free, plus it takes no special hosting on your part. Whatever you decide, we can put forms on any website, from the corporate to the small and simple.