Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar
SOLVED

Progressive Profile - personal identification in source code

Go to solution
Michael_Mason
Level 4
Level 4
‎01-26-2017 02:20 PM
‎01-26-2017 02:20 PM

Progressive Profile - personal identification in source code

It was brought to my attention recently that in our progressive profiling forms, the pre-populated data shows in the source code. In most cases this isn't an issue. My concern was with personally identifiable data.

Does anyone else feel concerned about this? Has anyone taken steps to remedy this with, say, an external js? Is that even possible in Marketo?

Thanks in advance!!  -Mike

Labels:
0 Likes
1,361
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-26-2017 02:31 PM
‎01-26-2017 02:31 PM

Re: Progressive Profile - personal identification in source code

You should move the question to Products  "Community" is for issues with the Marketo Nation (this website) itself -- and yes, this is confusing!

Anyway, there's no privacy improvement in having such data in an external JS (or any other file) -- it's all plain-text being sent to the browser.  The best thing you should do in this regard is run HTTPS on all your web properties.

View solution in original post

1,224
Reply
4 REPLIES 4
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-26-2017 02:31 PM
‎01-26-2017 02:31 PM

Re: Progressive Profile - personal identification in source code

You should move the question to Products  "Community" is for issues with the Marketo Nation (this website) itself -- and yes, this is confusing!

Anyway, there's no privacy improvement in having such data in an external JS (or any other file) -- it's all plain-text being sent to the browser.  The best thing you should do in this regard is run HTTPS on all your web properties.

1,225
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-26-2017 02:43 PM
‎01-26-2017 02:43 PM

Re: Progressive Profile - personal identification in source code

Also, you don't actually mean Progressive Profiling, just to be clear about this, you mean PreFill. Different functions and ProgPro doesn't require any field values to be passed to the browser (merely the fact that there is a non-empty value for a field is relevant).

0 Likes
1,224
Reply
Mike_Reynolds2
Level 10
Level 10
‎01-31-2017 09:58 AM
‎01-31-2017 09:58 AM

Re: Progressive Profile - personal identification in source code

Mike Mason

This doc from our developers.marketo.com site will show you how to do it: http://developers.marketo.com/blog/external-page-prefill/

-Mike

0 Likes
1,224
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-31-2017 10:07 AM
‎01-31-2017 10:07 AM

Re: Progressive Profile - personal identification in source code

Mike, that method just extends the problem (which I don't think is a problem, since it's absolutely unavoidable that data rendered in the page in plain text is, well, readable in plain text) by adding a DoS vulnerability.

1,224
Reply
Home