76 results found
-
2 votes
-
Clear Signature and notify sender if recipient verification code was not entered correctly after the 3 attempts
If the Recipient did not enter the verification code correctly after 3 times, the signature field should be cleared. The recipient should have to resign the document again. The sender should also be notified that the code was not entered correctly.
2 votes -
2 votes
-
Critical security feature: Clearly show email of the person who prepared the contract to prevent fishing attack
We use PandaDoc to sign documents with contractors, vendors, etc. Typically someone from the team prepares the contract and then the management (often me) gets an email with a request to sign, sign it and that's it.
The problem is, that there is no way for management to verify, who actually created the contract. There is just the name of that person but no email! This creates a simple attack vector - anyone with PandaDoc can now change their name to match someone from another company, create an arbitrary contract, send it to some person from that company and have…
2 votes -
2 votes
-
2 votes
-
Customize password submission screen for password-protected documents/folders
It would be very helpful to be able to add our own customized text or image to the password submission screen. There is a lot of available screen real estate (see the attached image from https://support.pandadoc.com/hc/en-us/articles/1500002610481--Editor-2-0-Protect-documents-with-two-factor-authentication). There is already a small paragraph of PandaDoc-specific text ("by clicking Submit and using PandaDoc's services..." "...as detailed more fully in PandaDoc's Privacy Notice [linked]."). But since the recipient will enter the password to access OUR documents, it's critical that we can add a bit of our own text as well. This could be something like "by clicking Submit, you agree to confidentiality…
2 votes -
Javascript sdk user authentication
A method that can authenticate the user to automatically log in with the help of API-key or access token.
2 votes -
Certificate that complies with EU applying Regulation (EU) 910/2014.
Ability to change the certificate so it's from qualified trust service provider according to EU applying Regulation (EU) 910/2014.
2 votes -
Password change notification.
Password change notification.
2 votes -
ISO 9001 compliant
ISO 9001.
2 votes -
ACPR Compliant
ACPR (Autorité de Contrôle Prudentiel et de Résolution (ACPR) is the independent administrative authority responsible for monitoring the conduct of financial institutions in France. Apparently in this case it determined that PD security solution is not strong enough
2 votes -
signatures compliant in Thailand.
signatures compliant in Thailand.
2 votes -
CJIS Compliance
Particular agencies need to work with vendors that comply with CJIS standards. More information here: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
2 votes -
Webhook Authentification
I’m pretty confident I should be able to break through the Merge Field bit as I’m sure I’m just doing something daft, but I don’t see how the WebHooks work.
When I provide an endpoint for PandaDoc to call, how do I set any headers or authentication? We don’t allow anything to make completely unauthenticated connections regardless of their origins. There’s mentions of shared keys that can be provided by Panda, but the challenge my end remains that if you cant authenticate with me, we wont even get as far as accepting the request.
2 votes -
Customize Knowledge Based Authentication
Knowledge Based Authentication : Setup a customized questions for clients to answer
1 vote -
Ability for a user to track up to their 10 last logins
The ability for a user to track up to their 10 last logins on their end
1 vote -
PSRE certified
Become PSRE compliant (Indonesia)
1 vote -
Update account information using security questionnaires
Update account information using security questionnaires (add security questions to the account as verification method)
1 vote -
Improve email forward security to prevent impersonation and other risks
When you forward a signature email to another party, this new party can sign as you without anyone the wiser. I perceive this as a potential security breach.
Steps to reproduce:
As sender, prepare a document to be signed by signer1.
Disable the signature forwarding toggle.
Send by email.
As recipient1, forward the email to recipient2 (email forward, NOT the button in the body of the email)
As recipient2, open the document and observe that you are signing as recipient1.On the top of my head, automated email forwarding are particularly problematic in this case, among other security concerns. Also…
1 vote
- Don't see your idea?