I'm trying to use Marketo Forms and have a couple of issues that Im' hoping someone may have resolved, or have a reasoning for why there are not issues:
1) If I create a simple form with First Name, Last Name and Email Address then anyone could enter anyone else's details and change the First Name/Last Name of any of our leads. There is no way of us knowing whether that was done legitimately or not. Some sort of email confirmation would perhaps be useful.
2) If a user decided to modify that form (easily done via most browsers) and adds extra fields then they can modify other information on any of the leads too (e.g. Phone Number, Job Title, Company). I would expect that when you create a form,, the server-side validation would only accept values for those fields, not any fields you decide to pass.
Please advise as currently we cannot use Marketo Forms due to those reasons, the second being the most critical.
But that would prevent updates from ALL forms wouldn't it? I'd expect security to work per form, so that only the fields exposed in the form can be updated.
Form A contains fields:
Form B contains fields:
If a user submits Form A and decides to modify the form dynamically (which is easy to do) to add a Job Title field then it should still only update First Name, Last Name and Email Address.
If a user submits Form B then Job Title should be updated as it is valid for that form.