Hopefully I'm posting this message in the right place.
Configuring web2lead for various forms for our website I can see that simple local test code can successfully post leads into salesforce.
This seems to be an almighty 'hole' which makes it very easy for someone to write something nasty to fill our system with rubbish, as a simple 'view source' in a browser containing one of our web2lead forms would give them everything they need....
Is there a way to configure salesforce's web2lead servlet to only accept leads that come from a specific domain(s) or specific urls to stop this potential nightmare ???
Hopefully I'm posting this message in the right place.
Configuring web2lead for various forms for our website I can see that simple local test code can successfully post leads into salesforce.
This seems to be an almighty 'hole' which makes it very easy for someone to write something nasty to fill our system with rubbish, as a simple 'view source' in a browser containing one of our web2lead forms would give them everything they need....
Is there a way to configure salesforce's web2lead servlet to only accept leads that come from a specific domain(s) or specific urls to stop this potential nightmare ???
