Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar
SOLVED

SQL Injection

Go to solution
Anonymous
Not applicable
‎01-22-2013 01:21 AM
‎01-22-2013 01:21 AM

Hi

I dont find anything on the community about sql injection risks on Marketo forms.
I assume this is because Marketo is safe from those risks.
Can someone confirm?
 

Many thanks in advance

Tags (1)
0 Likes
1,603
Reply
1 ACCEPTED SOLUTION
Anonymous
Not applicable
‎01-22-2013 05:15 AM
‎01-22-2013 05:15 AM
I've never seen any -1's come through anywhere I wasn't expecting them.  And it's not like you can echo field values straight to a query in a landing page, there's a ton of script handling in between the service and your page.

View solution in original post

0 Likes
1,557
Reply
4 REPLIES 4
Anonymous
Not applicable
‎01-22-2013 08:35 AM
‎01-22-2013 08:35 AM
Just to follow up on this- we do outside security audits that check for this type of issue (and others!) and carefully review code changes to ensure we aren't introducing these sorts of risks. All user input data is carefully handled and never used in a SQL statement without being properly escaped.
0 Likes
1,557
Reply
Anonymous
Not applicable
‎01-22-2013 06:36 AM
‎01-22-2013 06:36 AM
The biggest risk would be PHP code injection. The HTML block disables PHP tags.

0 Likes
1,557
Reply
Anonymous
Not applicable
‎01-22-2013 05:44 AM
‎01-22-2013 05:44 AM
Thanks CraiGrrr for your reply, feel better now 🙂
0 Likes
1,557
Reply
Anonymous
Not applicable
‎01-22-2013 05:15 AM
‎01-22-2013 05:15 AM
I've never seen any -1's come through anywhere I wasn't expecting them.  And it's not like you can echo field values straight to a query in a landing page, there's a ton of script handling in between the service and your page.
0 Likes
1,558
Reply
Home