Form Bank FAQs
- Last Modified:
- 29 Jan 2019
- User Level:
What level of security is used?
TERMINALFOUR generates a unique RSA public/private key pair. The public part of this key-pair is uploaded onto Form Bank. This upload can only be completed over Secure HTTP (HTTPS). The private part of the key-pair remains on your server at all times. All form data is submitted to Form Bank over HTTPS. Once form data is received on the Form Bank server, it is immediately encrypted using the client's public key, before being saved into the database. This data cannot be decrypted without the private key.
How do email notifications work?
You can configure who receives a notification email when a new submission is created, this includes TERMINALFOUR Users and Groups. You can also add the email addresses of non-TERMINALFOUR users. The mail that is sent includes the submission content and is HTML.
Does the Form Builder require the live website to interact with the TERMINALFOUR server?
No - a connection between the web server and the TERMINALFOUR server is not required. Please see the architecture section for further information.
Submissions are stored temporarily on the Form Bank servers. The Form Bank does not require direct access to the TERMINALFOUR server. However, the TERMINALFOUR server needs access to download the configured forms and the generated submissions. On a timed basis (via a scheduled task), the TERMINALFOUR application will connect to the Form Bank server (using HTTPS). Once correctly authenticated the application will download all new encrypted form data. When the encrypted form data has been downloaded, it is decrypted using the customer's unique private key and added to the TERMINALFOUR database. Once this download has completed successfully, the data is then deleted from the Form Bank server. When the first submissions for a form are downloaded to the TERMINALFOUR server, a Content Type is created. The submissions are then saved in the Content Type in a hidden Section outside of the main hierarchy. This Section can be accessed from the form listing page. Please note that submissions can then be mirrored into a Section and published as regular content.
Can file upload sizes be limited on a per-upload field basis?
When selecting file input fields, you have the option to add a file to the media library or to upload the file as a file element. When choosing the media option the size of the file will be restricted in the same way that your media is restricted.
Can we restrict file types on a per-upload field basis?
Yes, it is possible to specify permitted file extensions under the validation options for File inputs.
Are the files scanned for malicious code/viruses upon upload?
This is dependent on the anti-virus setup on the users PC and the TERMINALFOUR Server.
How are the files stored/accessed? Is it possible to have them easily downloaded?
Submitted files cannot be easily accessed outside of TERMINALFOUR. They are protected using the client's license and encrypted using the private key that was generated when connecting to the Form Bank. Once the file is downloaded to TERMINALFOUR, it is attached to the submission content and can be published like any other file that is part of the system.
Please see "How are submissions stored?".
Where are the Form Bank servers located?
We currently have four locations available as follows:
- North Virginia, USA
- Sydney, Australia
- Central Canada
What redundancy is provided for the Form Bank servers?
The Form Bank servers comprise multiple nodes in a cluster. This will provide both the performance and resilience required for this service.
What happens if my TERMINALFOUR server is down?
The submissions will be stored on the Form Bank server until the scheduled task on the TERMINALFOUR server requests to download them.
The forms will still operate as they are called from the Form Bank server.
Can I use my own Form Bank server?
At the moment you can use the SaaS Form Bank servers provided by TERMINALFOUR. If there are sufficient requests for client-specific Form Bank servers, we will consider this in the future.
It is recommended but not required. The form will work via a web server with http, as it will be loaded over https and submitted over https on the Form Bank server. If the site has https, then the browser will display it as being secure, this is why we recommend the site also runs over https.
A Cross-Site Request Forgery (CSRF) token is used to guarantee one-time form submissions to prevent spam. When the form is requested, the browser is given a token. The form can only be submitted once with the token and before the token expires.
In addition, reCAPTCHA can be added to your form.