
Privacy Issue With your site

Help
2009-02-26
2013-06-03
  • Ham Sandwich

    Ham Sandwich - 2009-02-26

    I have also noticed under the "Edit existing forms" part of your site that personal data, including email addresses and URLs that people are using, is being stored and displayed to everyone. This, I'm sure, is not very cool to people using your program to create a working form. There should be a way for you to purge the data entered while still displaying the form structure.
    Just my 2 cents.

     
    • TNTEverett

      TNTEverett - 2009-02-26

      If you used Fantastico you probably got version 2.x, in which case you should consider using the beta 3.0 version instead.

       
    • Ham Sandwich

      Ham Sandwich - 2009-02-27

      I didn't use Fantastico. I stumbled onto your beta version while looking through Fantastico. I eventually found your 3.0 version, and really am glad that someone decided to do this.
      What I am referring to by privacy is :

      On this page (http://phpformgen.sourceforge.net/new_demo/phpformgen/)
      Under the "Edit existing forms" section, where it says "you have 50 form projects stored in the database"
      Well, those forms sometimes contain the personal data of those who created them. I wouldn't want to use your generator only to find out that other people could visit your site and see the form I created 10 minutes earlier with my email address, website, and database name etc. in the form fields.
      That is the privacy issue I'm trying to point out here. Don't get me wrong, I love what you are doing.
      Maybe, I'm just a little new to beta app testing sites, I don't know.
      Thanks for your time.

       
      • TNTEverett

        TNTEverett - 2009-02-27

        People need to realize this is a public and open source site.  We do not encourage people to put private information on this site but we also at the same time allow people to do most anything they want to do. 
        Once the form is created and posted on their own site it is not much different.  Most of the same information is still available in one form or another.  Anything posted on a web site must be considered public.  No matter how hard you try, one way or another if someone wants your data they will find a way to get it.  So you have to ask yourself, why would anyone really want my data?  If the answer justifies strong protection then you would never post in an open forum anyway.

         
    • Ham Sandwich

      Ham Sandwich - 2009-02-27

      Hey look, you have to realize that the people most likely using your generator know little or no programming. So they probably have no idea that it's a bad idea to enter personal information. You said you do not encourage people to enter private information. However, under "Delivery settings" they are prompted to enter either their database information, their email address, or a file. The redirect also gives out the URL of their site. Most people searching for personal data aren't going to bother if you make it harder for them to get. Your site is more like fish in a barrel.
      Is there a way to purge the data included in the input fields before adding the form to the database?
      Either that, or it might be good of you to include a short paragraph explaining why it might be a bad idea to include private information while using this generator.
      Thanks

       
      • TNTEverett

        TNTEverett - 2009-02-27

        There is a released copy of the generator that people can have and do what they want with.  The new version is a "DEMO" site.  People are using it for real forms and they are going to do what they want with it.  Neither you nor I are going to change that.
        Don't put so much thought into it. 
        1.) It is being used heavily and forms don't last long on the list.
        2.) As a demo site it will eventually be removed.
        3.) When it is removed people will be able to download their own version of the generator. 
        Relax and enjoy, it's not that big a deal.

         
    • Ham Sandwich

      Ham Sandwich - 2009-02-27

      "don't put so much thought into it"
      If you say so...

       
    • Musawir Ali

      Musawir Ali - 2009-03-03

      As TNT pointed out, this is a "demo" site. Which means it is meant for people to come "try" it out, and help us find bugs in the process, which we can then fix and work our way towards a proper release. It is not meant to be used for production level work, although I realize that most people use it anyway. I cannot stop them from doing so. I also understand that most people who are using our software don't know much (if anything at all) about programming. But I do expect them to have common sense that when they come to a "DEMONSTRATION" site, they should not enter any sensitive information.

      Now, it seems like the demo site will be on duty for a while longer, since I have very little time to work on the final release version. Therefore, I will try to add in some IP protected option to delete forms after you have downloaded them. Remember though, that if you really want to purge any sensitive information, you can always go in and delete the form fields from your pages, and/or override it with garbage info. So there is really no excuse for not being secure, even on a demo site. It's all up to you.

       
    • Ham Sandwich

      Ham Sandwich - 2009-03-04

      Here is the deal.
      When you store and display the last 50 or so form entries for everyone to see, they contain the private info if the user happened to put it in. You should either remove the past form entries section, or figure out a way to purge the fields so that they aren't displaying personal information.

      If this all seems too complicated, a simple paragraph explaining to your visitors why they shouldn't enter their personal information like email address (when prompted by your beta form) would be acceptable. Here's an example:

      Hey folks, this is a beta test site. Feel free to test out the wonderful form generator, but keep in mind,
      that all of the information you enter (email address, database name, url etc.) is stored and can be easily viewed by other users of this generator.

      As for bugs, I tried pointing out a big one (in my opinion) in a thread entitled Verification/Security which hasn't gotten a response.

       
    • Austin

      Austin - 2009-03-05

      I agree that this is a MAJOR security issue.  I've been looking for an online form generator and stumbled upon your site.  How the HECK are people supposed to know that forms they create are being created for the world to see all the data???  I thought that was the ONLY way the site worked.  There is no download link... only links to the demo page.  How are people supposed to know that you are supposed to download and install on their own server when no apparent download link is available??

       
    • Dave H

      Dave H - 2009-03-05

      Austin,
      phpformgenerator v3 is online demo only. It's been in demo/beta mode for a considerable amount of time now. If you would like to download and install phpformgenerator on your own server, you can get version 2.09c from sourceforge.net.

      Installing phpformgenerator on your own server takes some knowledge of your operating system, php, mysql, email, etc. It is not for everyone. That is where the online version really shines. Anyone can use it.

      Beware, Version 3 has many more features than version 2.09c, but for a basic form, it works great.

      As far as the security issue goes, it is unfortunate that data can be seen by all. BUT, this is a DEMO site. That is the way demo sites work. Anyone that does not realize this should consider staying off the internet. It is just too dangerous for them.

      IMHO

      drh

       
    • skeeterz71

      skeeterz71 - 2009-07-07

      Whoops. I wish I would have known about this. I generated the form from the demo with an email I get no spam at at the present time. My form hasn't shown up in the 50 list. I hope it doesn't because that email address was extremely private with only personal business contacts knowing it. Sigh, crap and who knows, maybe I will get lucky and nobody will look at my form if it shows up. Fat chance since the title has the words "Order Form" in it. I guess I'm the moron because I didn't see any warning about the public display of my information and should "have known"  grrrrrrrrrrrrr
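
The thread asks for a way to keep listing form structure while purging what the owner typed into it. The sketch below is an added example, not part of any post and not phpFormGenerator's code: it builds a public view of a saved form project, and the project layout, key names and sample values are all constructed assumptions, since the thread does not show the real schema.

```python
import copy
import re

# Hypothetical layout of a saved form project (constructed sample data).
SAMPLE_PROJECT = {
    "title": "Order Form",
    "fields": [
        {"type": "text", "label": "Your name", "default": ""},
        {"type": "text", "label": "Contact", "default": "owner@example.com"},
        {"type": "select", "label": "Size", "options": ["S", "M", "L"]},
    ],
    "delivery": {
        "email_to": "owner@example.com",
        "db_name": "shop_db",
        "db_pass": "constructed-secret",
        "redirect_url": "http://shop.example.com/thanks.html",
    },
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def scrub_text(value):
    """Replace URLs first (they may embed an @), then bare email addresses."""
    value = URL_RE.sub("[url removed]", value)
    return EMAIL_RE.sub("[email removed]", value)


def public_view(project):
    """Return a copy safe to list publicly: structure kept, owner data dropped."""
    view = copy.deepcopy(project)  # never modify the owner's stored copy
    # Delivery settings are owner data by definition: show which settings
    # were configured, never their values.
    view["delivery"] = {key: "[removed]" for key in view.get("delivery", {})}
    view["title"] = scrub_text(view.get("title", ""))
    for field in view.get("fields", []):
        for key in ("label", "default"):
            if isinstance(field.get(key), str):
                field[key] = scrub_text(field[key])
        if "options" in field:
            field["options"] = [scrub_text(opt) for opt in field["options"]]
    return view


if __name__ == "__main__":
    print(public_view(SAMPLE_PROJECT))
```

Pattern matching only catches values that look like an address or a URL, which is why the delivery settings are dropped wholesale rather than scanned.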

       
