I am considering purchasing this product to use on a site where the form results will preferably be emailed however they must be sent via SSL and encrypted. Is this product capable of providing this?
Or do I need to have the form results saved in a database in order to accomplish the encryption?
Currently Gravity Forms does not send encrypted emails. If you wanted it to send an encrypted email you would have to customize the code to do so.
Out of the box Gravity Forms does not encrypt the data saved in the database. It is possible to do it as a customization via available API hooks and filters but requires custom code to implement. Encryption of data is something we plan on introducing as an Add-On down the road.
Good Afternoon,
In reading this post I think I can write the custom code to encrypt the email (I currently have a gpg script running that encrypts and sends email). My question is more along the line of how can I add my custom code to the plugin without it being overwritten when I run an update? thank you for your help in advance.
Sincerely,
Aaron K.
You would create your customization by using the available hooks and filters to customize Gravity Forms with custom code you place either in your themes functions.php file or in your own plugin that you create. Because this code resides outside of Gravity Forms it won't get overwritten by updates.
Documentation for all the available hooks and filters for customizing Gravity Forms can be found here:
http://www.gravityhelp.com/documentation/page/Developer_Docs
Hello, poking around for answers on this subject myself. Is there any update about this being an Add-On?
There is no update. It hasn't been a highly requested feature so it isn't something we have focused on. We would like to make an add-on that makes it easy to encrypt and decrypt form field data, however i'm not sure how that will play into encrypted email notifications as well.
Right now we have higher priority Gravity Forms enhancement, add-on development and Gravity Charge development that is more pressing so there is no timetable.
But it is something that a 3rd party developer could create too, there are a lot of 3rd party add-ons for Gravity Forms.
Encrypting the data is currently possible. See:
http://www.gravityhelp.com/documentation/page/Gform_get_field_value
http://www.gravityhelp.com/documentation/page/Gform_save_field_value
Discussion:
http://www.gravityhelp.com/forums/topic/decrypt-from-database
I am also very interested in this feature as it involves medical history forms. I have an SSL certificate on my WordPress Site, so if I retreive the form results from the database, I will be in compliance with HIPAA law, but it would be really smooth to be able to have encrypted emails sent automatically to a designated emal address(s). If I purchase your product, will I be able to customize the code with the $39 version, or will it require an add-on (via the $99 version)?
Thanks
You can customize the code with either version. The different licenses allow usage on more sites, and access to different add-ons. However, for this customization you don't need any add-ons.
The developer license also gives you access to priority support. But you don't need any of that to accomplish the customization that is addresses in this topic.
nbi123
Member
I'd love to see a built in encryption feature that would allow us to select any field of data collected, and specify that the data is encrypted while stored in the database.
Massachusetts law (since 2011 - Mass 201 CMR 17) requires that any sensitive data (example: credit card number, drivers license, social security number) be encrypted while the data is "at rest" - meaning stored in the database.
This law will be enacted in several other states over the coming few years.
My work-around is that I changed the email notification settings to say "new submission, click here [link to list of form#'s entries] to view." The email doesn't have to be encrypted, and the WordPress user needs to login via an HTTPS login page.
Encrypting data in the database is different, of course.
Also very interested in a built-in encryption feature. Would love to be able to store SSN, etc. encrypted in the database.
I think it's important to differentiate between "encrypted" and "encoded". From the docs, I see the base64_encode() function referenced incorrectly as "encrypted". Instead, it's "encoded". Encoded just means not in plain text. Encryption requires a key to encrypt and then that same key to decrypt. This article explains it better than I can: http://www.blesta.com/2009/07/26/encoding-vs-encryption/
Does Gravity Forms have any "encryption" documentation, or only "encode" documentation?
Thank you.
FYI: http://www.gravityhelp.com/documentation/page/Gform_get_input_value
decrypt_field and decode_field in the code sections is inconsistent.
Clifford - We do not have any encryption documentation beyond what you've already pointed out.
Could encryption work for uploaded files as well?
My users would submit powerpoints, PDF's, etc. containing HIPPA-sensitive information.
I don't think it is something that is easily doable. It might be easier to secure access to the uploaded files rather than encrypting them and storing them after removing the originals. If you have a current Gravity Forms license please begin a new topic if you would like to explore the amount of work this would require. Thank you.
http://www.gravityhelp.com/forums/forum/gravity-forms#postform
