PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Privacy Access To Form Data & Uploaded Content

Gravity Support Forums » Plugin Support » Gravity Forms

  1. perspective
    Member

    I am running a job board website and have just realized that the gravity form data and any associated attached resumes and photos can somehow now be accessed via Google Search - which of course is NOT GOOD!

    I need to ensure that these are not publicly available BUT that certain registered users CAN access them, i.e. the person that has paid for the job advertisement. I have the add on plugin but I need to have the resumes and photos accessible via the emailed version of the form that the employer receives - is this possible? To allocate access to content associated with a specific form to just one specific registered user and not to anyone else publicly?

    Please help urgently as I need to stop these being available publicly.

    The website is http://www.timesharestaff.com

    Many Thanks.

    Paul

    Posted 12 years ago on Friday November 4, 2011 | Permalink

  2. Chris Hajer
    Key Master

    The entries can only be accessed by the public if you are creating posts. If you don't create posts, the entries are not accessible without proper role or permissions.

    Are you creating posts when you really don't want to?

    Posted 12 years ago on Friday November 4, 2011 | Permalink

  3. Chris Hajer
    Key Master

    Or, if you want to create posts, password protect them. Then they can't be accessed without the password (visitors or search engines.)

    Posted 12 years ago on Friday November 4, 2011 | Permalink

  4. perspective
    Member

    As far as I am aware I am not creating posts, just form entries that include resume and photo upload fields. I can assure you that both the forms and the uploads are being indexed by Google and are all accessible. I don't believe this was always the case but it certainly is now and we have people complaining that their data is viewable publicly.

    I don't want to create posts and password protect them as we have hundreds of form submissions per week, I just want to be able to restrict general access but allow one individual (not admin) per form access - or find a way of attaching the uploaded data to the email notification that is sent out, in which case I can simply lock down all uploads from public viewing.

    Any ideas?

    Thanks for you help with this...

    Posted 12 years ago on Friday November 4, 2011 | Permalink

  5. Chris Hajer
    Key Master

    Forms will be indexed if they are embedded in a public page or post that allows indexing by your blog's plugin or privacy settings.

    Can you point to a result in Google that you feel should not be there? Maybe then we can figure out how it got there.

    For uploads, it's possible those are being indexed, but if they're not linked to any pages or posts on your site, the upload directories should be protected with an .htaccess file with "Options -Indexes" or an index.html file to prevent a directory listing that could be indexed.

    Thanks.

    Posted 12 years ago on Saturday November 5, 2011 | Permalink

  6. mmtrav
    Member

    I have had this exact same issue as well. I noticed before a recent GF update that there wasn't index.html files in all the directories but then after the update there was files. It seems that my folders got indexed and I am now manually moving the files to another directory.

    I read somewhere earlier that Wordpress upload folders might get indexed automatically, any more better solutions for this problem in the future would be appreciated.

    Posted 12 years ago on Thursday January 5, 2012 | Permalink

  7. Chris Hajer
    Key Master

    If you have DirectoryIndexing turned on on your server, the lack of an index.html (or index.php) file in a directory will allow a directory listing to be served. This is a server configuration issue. WordPress adds an index.php file in many directories, to prevent that from happening, despite the misconfiguration. Gravity Forms did the same thing in one of the recent releases, to prevent indexing of specific folders, even when the web server is configured to allow this.

    The easiest thing to do is add:

    Options -Indexes

    to your root .htaccess file. If the web server allows overrides like that in .htaccess (if it does not, you will receive a 500 Internal Server Error) that will prevent directory listings in folders that have no index file.

    There are many references to this online. Here's one:
    http://www.ducea.com/2006/06/26/apache-tips-tricks-disable-directory-indexes/

    Posted 12 years ago on Thursday January 5, 2012 | Permalink