SOLVED

Progressive Profile - personal identification in source code

Go to solution
Highlighted

Progressive Profile - personal identification in source code

It was brought to my attention recently that in our progressive profiling forms, the pre-populated data shows in the source code. In most cases this isn't an issue. My concern was with personally identifiable data.

Does anyone else feel concerned about this? Has anyone taken steps to remedy this with, say, an external js? Is that even possible in Marketo?

Thanks in advance!!  -Mike

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Level 10 - Community Moderator

Re: Progressive Profile - personal identification in source code

You should move the question to Products  "Community" is for issues with the Marketo Nation (this website) itself -- and yes, this is confusing!

Anyway, there's no privacy improvement in having such data in an external JS (or any other file) -- it's all plain-text being sent to the browser.  The best thing you should do in this regard is run HTTPS on all your web properties.

View solution in original post

4 REPLIES 4
Highlighted
Level 10 - Community Moderator

Re: Progressive Profile - personal identification in source code

You should move the question to Products  "Community" is for issues with the Marketo Nation (this website) itself -- and yes, this is confusing!

Anyway, there's no privacy improvement in having such data in an external JS (or any other file) -- it's all plain-text being sent to the browser.  The best thing you should do in this regard is run HTTPS on all your web properties.

View solution in original post

Highlighted
Level 10 - Community Moderator

Re: Progressive Profile - personal identification in source code

Also, you don't actually mean Progressive Profiling, just to be clear about this, you mean PreFill. Different functions and ProgPro doesn't require any field values to be passed to the browser (merely the fact that there is a non-empty value for a field is relevant).

Highlighted

Re: Progressive Profile - personal identification in source code

Mike Mason

This doc from our developers.marketo.com site will show you how to do it: http://developers.marketo.com/blog/external-page-prefill/

-Mike

Highlighted
Level 10 - Community Moderator

Re: Progressive Profile - personal identification in source code

Mike, that method just extends the problem (which I don't think is a problem, since it's absolutely unavoidable that data rendered in the page in plain text is, well, readable in plain text) by adding a DoS vulnerability.