Hello,
We have some PDFs that we share with our visitors once they fill up a form.
Problem is: if someone has link to that PDF then he can directly download this resource without filling up the form.
Is there a solution to prevent direct access to any files that are uploaded to Marketo?
No, Marketo isn't typically the place for assets requiring authentication.
To have links that don't work (or stop working) when forwarded requires one of two measures:
[1] Authenticated sessions
[2] Signed links
[1] isn't possible with Mkto.
[2] in fact is possible -- if you serve all Marketo assets via a CDN and, where necessary, use a webhook to create personalized, signed links before sending URLs to leads. That's not an easy setup but it accomplishes the goal.
Hello Sanford Whiteman,
Thanks for your guidance in this.
I am not able to find anything how can I use 'Signed Links' in Marketo. Can you pls enlighten me?
On CloudFront, for one example, we generate signed URLs: Using Signed URLs - Amazon CloudFront. Same exists on lots of other clouds, like Google.
Naturally, this means you need to have a webservice to generate such URLs. It's something you can do w/FB but the rest of your infrastructure would have to be set up, too. Or if you use Google's gsutil or Amazon's presign, you could generate the URL offline and put it in a token.
Thanks for this reply, it will surely help me deciding the pathway for this problem.
That's interesting.
In the webhook example I assume you can just limit the length of time of the download to a short time.
In the offline example.. how do you stop someone just forwarding the signed URL?
Right, the webhook-generated URL allows for tighter control of the time-to-live.
A bulk upload would have to be more generous, like uploading 1-week TTLs on the day you send an email.
Webhook is therefore a better call. Either way, there is a period where it could be forwarded, but you're making a good faith (and real) effort to stop it from wildly proliferating.