Security of Feeds in Recommendations | Community
Skip to main content
kirill_techZone
kirill_techZone
Level 2
December 10, 2024
Solved

Security of Feeds in Recommendations

  • December 10, 2024
  • 1 reply
  • 434 views

The Recommendations Catalog (Feeds) is considered by me as a central place for storing products in Adobe Target. The documentation says that anyone can go and change the data in this catalog using a simple mbox request to update an entity in the catalog: "... Item descriptions can be passed into Target using feeds or mboxes ...". 

 

Lets suppose, the catalog has the following records:

 

entity.id | category.id | message | ...
1 | category1 | message1 | ...
2 | ... | ... | ...

etc..

Lets suppose we have a scenario where:
1) User "A" goes to a page with recommendations activity where they see "mes1" in recommendations related to entity.id=1
2) A bad user "B" updates entity.id=1 by the mbox request with with a message = "bad message"
3) User "A" reloads the page and sees message "bad message"

Is this scenario possible ? If not, why ?

Best answer by kandersen-1

@kirill_techzone the short answer is, yes the scenario is possible.

I've worked with Adobe Target Recommendation for 15+ years and have not experienced this happen. However, as you point out if a bad user really wants to be bad, then it is doable.

1 reply

kandersen-1
Community Advisor
kandersen-1Community AdvisorAccepted solution
Community Advisor
January 7, 2025

@kirill_techzone the short answer is, yes the scenario is possible.

I've worked with Adobe Target Recommendation for 15+ years and have not experienced this happen. However, as you point out if a bad user really wants to be bad, then it is doable.

Test forum signature
Terms & ConditionsAccessibility statement

Loading footer...