3 Replies Latest reply on Oct 19, 2018 12:44 PM by Sanford Whiteman

    PURL Login Pages

    Andrew Zebulske

      Hi everyone,

       

      We are looking to create a login page that someone has to put in a password and brings them to their PURL. We have sensitive information on the PURL that needs to have a password to access.

        • Re: PURL Login Pages
          Sanford Whiteman

          Please move the thread to Products (Move link is at the right). This isn't a support space.

          • Re: PURL Login Pages
            Sanford Whiteman

            Thanks for moving.

             

            To the degree that the Marketo Unique Code (the "p" in "pURL") is itself a Base36 password, you can create a gate LP and require people to enter their Unique Code, which is then forwarded to their pURL. The problem with this is that the Marketo Unique Name is an alternate way of accessing the pURL, and that's not at all hard to brute-force since it's usually a combo of first, last, and numbers. (Interestingly, if someone is created without a First Name and Last Name the Unique Name is suitably random.)  Also note pURLs don't work without the (in)famous pURL fix applied, though that's a minor matter.

             

            A more sophisticated way is using the Forms Asset API (only because it'll be maddening to do by hand, you could technically do it in the Form Editor) to create a form with a humonguous range of different passcodes using the Download Passcode method. This would create a relatively unguessable entry point.

             

            A third method is to create a separate Domain Alias in Marketo and serve pages on that domain (and that domain only) via a CDN that applies actual password protection. If the underlying Marketo LP names are secret and random (think a GUID like pages.example.com/156510fb-ae5a-474c-ae4b-4ba1a094076b.html) then the only practical way of accessing the page will be via the password route.

             

            If it's not clear from these 3 answers, there is no out-of-box way to do what you describe with a Marketo LP, which are (however erroneously) expected to not contain sensitive information.

            • Re: PURL Login Pages
              Sanford Whiteman

              OP please return to this thread and read responses.