AnsweredAssumed Answered

Survey123 security questions - Does data get passed through public site?

Question asked by jay.gregory on Jul 22, 2019
Latest reply on Jul 29, 2019 by ichivite-esristaff

I have deployed a couple surveys to our ArcGIS Enterprise 10.6.1.  When filling out the survey through the web, the url is something like:

https://survey123.arcgis.com/share/f9f0421e26ec4006a247dc53085a998f?portalUrl=https://myarcgisenterprise

 

When looking at Chrome developer tools, it seems like the survey123.arcgis.com website is just for the JS and CSS parsing of the form tables, but data submitted through the survey does not go through survey123.arcgis.com, just all through the applyEdits endpoint of the feature service.  Is that correct?  Is there any documentation regarding Survey123 for the security minded folks in our organization, because having the survey123.arcgis.com website in the URL raises some eyebrows. 

 

Is there any way around having to use a public url to submit the form?  Is the only way using one of the native mobile apps or Survey123 connect?  We don't work in an entirely disconnected env., but any documentation that speaks to limiting the amount of external traffic when viewing and submitting forms will go a long way with our security folks.

 

The main issue is, even though data might NOT get passed through survery123.arcgis.com when submitting to ArcGIS Enterprise, we have no control over that, and at some point Esri _could_ decide to capture this data, because we're accessing the form through survey123.arcgis.com.  

 

Thanks!

 

Jay

Outcomes