I'm looking at using Gravitate for a client, however we are wondering if the form data is encrypted before it leaves the browser, or if the encryption only happens server-side, after leaving the browser?
From what I've read, I'm guessing that the form data is submitted and travels to the server in plain text, where it is encrypted by PHP and stored in the database. Then, when it needs to be displayed in the WP Admin area, it's pulled from the DB, decrypted by PHP and sent in plain text to the browser.
If I'm correct, I wonder if there is any way some additional encryption (even if it's weak) could be added so that the data never travels in plain text?
Yes, we use SSL, however we are looking for some additional protection. In addition, we've considered using the plugin on pages that are not SSL protected, because nothing else on the page is sensitive except the form data, but in those cases, we would definitely need the data encrypted while it travels across the network.
Looking forward to hearing from you. Thanks.