Security

 

Your Responsibilities

Wufoo is flexible, and that gives you a good amount of power and customization to collect any sort of data. As a Wufoo user, you should understand your data and use best practices when viewing and accessing it. This way, you can ensure that the data submitted into your account is kept secure, and that you maintain the level of trust needed with the people filling out your forms. With that in mind, please look over the following guidelines.

  • Secure Accounts - If you plan on collecting sensitive data, upgrading to one of our secure ($29.95+) accounts is the first step in protecting that data. It will ensure that your data collected through forms, and viewed with reports, is protected by 128-bit SSL encryption.

  • Email Notifications - Because emails sent from Wufoo are not encrypted, data sent via the email notifications should not be considered secure. Depending on the sensitivity of the information, you may want to stick to viewing data solely through our secure RSS feeds or API.

  • Encrypted Fields - Wufoo offers the ability to encrypt up to 5 fields for secure accounts. In addition to storing the data securely on our servers, encrypted fields will not be sent out in email notifications. This offers a good alternative if you absolutely need emails, but do not want certain data to be seen.

  • Public Access - The best way to view your Wufoo account is at home or work using a secure connection to the internet. This isn’t always possible with travel, so when you are viewing your data from a public internet connection, be aware that your data is at risk.

  • File Attachments & Downloads - If you are using a plan that supports SSL, the file will be transmitted securely to your Wufoo account. When it comes to downloading the file at a later date, there are a few notes you should take into consideration. All files are given a public URL — this means that if someone types in the URL, the file begins downloading. That said, the URL is encrypted and extremely difficult (if not impossible) to guess. This URL is available to you in the Wufoo Entry Manager and to anyone who receives email notifications for each form submission. Only share this URL with those you trust. When it comes to public reports, files are given a separate URL. This is so that when you delete the report, the files are no longer accessible. To sum up file downloads, there is an encrypted URL that will never change, which you should share with those you wish to have permanent access to a file, and there are public URLs for reports that only work as long as the report is available.
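The two kinds of file link described in the last guideline can be sketched as follows. This is an added example, not Wufoo's code: it uses random tokens in place of the "encrypted" URL, and the class, method names, and sample identifiers are hypothetical.

```python
import secrets


class FileLinks:
    """Toy in-memory link table (hypothetical; not Wufoo's implementation)."""

    def __init__(self):
        self._permanent = {}  # token -> file_id; never removed
        self._report = {}     # token -> (report_id, file_id); dies with the report

    def add_file(self, file_id):
        # 32 random bytes = 256 bits of entropy, so guessing is infeasible,
        # but anyone who is handed the token can download the file.
        token = secrets.token_urlsafe(32)
        self._permanent[token] = file_id
        return token

    def publish(self, report_id, file_id):
        # A separate token per report, so report access can be withdrawn
        # without touching the permanent link.
        token = secrets.token_urlsafe(32)
        self._report[token] = (report_id, file_id)
        return token

    def delete_report(self, report_id):
        dead = [t for t, (r, _) in self._report.items() if r == report_id]
        for t in dead:
            del self._report[t]
        return len(dead)

    def resolve(self, token):
        if token in self._permanent:
            return self._permanent[token]
        entry = self._report.get(token)
        return entry[1] if entry else None


def demo():
    # Constructed sample data: one upload shown in one public report.
    links = FileLinks()
    perm = links.add_file("resume.pdf")
    rep = links.publish("report-1", "resume.pdf")
    before = (links.resolve(perm), links.resolve(rep))
    links.delete_report("report-1")
    after = (links.resolve(perm), links.resolve(rep))
    return perm, rep, before, after
```

Deleting the report withdraws only the report link; the permanent link still resolves, so everyone who received it in a notification email keeps access.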

What measures does Wufoo take?

Wufoo also has a responsibility to actively pursue security. Currently, we do that on both a code and hardware level (managed by our hosting partner, BitPusher).

  • Physical Security - The data center is in a locked building, and entrants need to badge in through two doors to enter the facility. As well as cameras at each entrance to the data center, there are motion sensors that track where each person moves throughout the data center. The space BitPusher manages is separately locked and accessible only to BitPusher and data center staff. The servers themselves are then inside locked cabinets within BitPusher’s space, and only BitPusher staff have access.

  • Network Security - There’s an outside routing layer which provides basic filtering (more about handling denial of service attacks than protecting data). All network traffic then passes through one of the (redundant) firewalls, which are heavily locked down and only allow the specific services being made available publicly. Within that, there is a NAT layer, and only public services are defined here. Each BitPusher customer is on a separate VLAN and separated from other customers at this layer.

  • Server Security - We follow a large list of best practices to ensure server security. These include only installing needed services, diligent application of security updates/patches, detailed monitoring and file system integrity checking. We also have a very limited set of people authorized to access the servers (except through the public-facing services), with administrative access restricted to BitPusher staff.

  • Code Security - In addition to implementing features that increase security, we have to maintain best practices on the backend to ensure your account remains secure. We monitor sessions to restrict access to your account appropriately, and have constructed Wufoo in a way that every account is isolated. Safeguards are in place to try to detect common attacks such as SQL injection and cross-site scripting. Most importantly, we actively review our code for potential security issues (in addition to evaluating all user feedback) so that we can address any issues as quickly as they arise.

Spam

Nobody loves spam, so Wufoo does its part to try to prevent it before it reaches your account. In an effort to balance the needs of our users who want to ensure the integrity of their data with our desire to promote best practices for high-converting forms, we implemented a smart captcha system in Wufoo that tries to automatically detect abusive behavior and only show a captcha test in those situations.

Even though we have made a mass attack on all accounts difficult, and even a single attack on a specific, targeted form challenging, some spam may still get through. In this case, the best thing you can do is contact support and report the problem. This allows us to stop it as quickly as we find it, and to see if we can add additional measures. Additionally, if you delete the spam entries yourself within 24 hours (or within any timeframe by contacting support) they will not count against your monthly totals.