4 Replies Latest reply on May 28, 2014 8:27 AM by 57105

    Marketo Forms Security Flaw

           Hi,

           I'm trying to use Marketo Forms and have a couple of issues that Im' hoping someone may have resolved, or have a reasoning for why there are not issues:

           1) If I create a simple form with First Name, Last Name and Email Address then anyone could enter anyone else's details and change the First Name/Last Name of any of our leads. There is no way of us knowing whether that was done legitimately or not. Some sort of email confirmation would perhaps be useful.

           2) If a user decided to modify that form (easily done via most browsers) and adds extra fields then they can modify other information on any of the leads too (e.g. Phone Number, Job Title, Company). I would expect that when you create a form,, the server-side validation would only accept values for those fields, not any fields you decide to pass.

           Please advise as currently we cannot use Marketo Forms due to those reasons, the second being the most critical.
            

           Thanks,
           Mark