HubSpot Ideas

RLehrhaupt

(Security Recommendation) Confirm email & de-link form fields before info is put into database.

While using the sales meeting page links, I discovered functionality that will be undesired as well as present a security issue. I believe this could be an issue for forms in general.

 

When a form includes a field like "email" which is tied as a unique property to a contact, all associated property fields in the form will be overwritten for a contact if the email they entered exists. This means that if a 3rd party has a list of emails from the database, they could overwrite or erase information in the database.

 

There should be an option to save or not save certain properties of a form to the database (and non-saved entries get logged as responses somewhere else).

 

Additionally, a feature where the user has to validate their email with a code sent to them prior to form responses going directly to the database would be appreciated.

 

0 Upvotes