Expand my Community achievements bar.

Ask our product team on how to best grow your experimentation and personalization strategies with Target during our AMA on May 6th!
Register now
SOLVED

Security of Feeds in Recommendations

Avatar

Level 3
Level 3
12/10/24 11:02:06 AM

The Recommendations Catalog (Feeds) is considered by me as a central place for storing products in Adobe Target. The documentation says that anyone can go and change the data in this catalog using a simple mbox request to update an entity in the catalog: "... Item descriptions can be passed into Target using feeds or mboxes ...". 

 

Lets suppose, the catalog has the following records:

 

entity.id | category.id | message | ...
1 | category1 | message1 | ...
2 | ... | ... | ...

etc..

Lets suppose we have a scenario where:
1) User "A" goes to a page with recommendations activity where they see "mes1" in recommendations related to entity.id=1
2) A bad user "B" updates entity.id=1 by the mbox request with with a message = "bad message"
3) User "A" reloads the page and sees message "bad message"

Is this scenario possible ? If not, why ?

Views

247

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
1/7/25 4:55:53 AM

@kirill_techZone the short answer is, yes the scenario is possible.

I've worked with Adobe Target Recommendation for 15+ years and have not experienced this happen. However, as you point out if a bad user really wants to be bad, then it is doable.


I share weekly Adobe tips on LinkedIn—connect with me!

Every Wednesday: "Something a client recently asked..."

LinkedIn Profile

View solution in original post

Views

118

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
1/7/25 4:55:53 AM

@kirill_techZone the short answer is, yes the scenario is possible.

I've worked with Adobe Target Recommendation for 15+ years and have not experienced this happen. However, as you point out if a bad user really wants to be bad, then it is doable.


I share weekly Adobe tips on LinkedIn—connect with me!

Every Wednesday: "Something a client recently asked..."

LinkedIn Profile

Views

119

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Revenue calculation thanks to recommendations using Web SDK Solved

Views

131

Likes

0

Replies

2
Target not working in a lower environment, authorized host not recognized Solved

Views

153

Likes

0

Replies

3
Where can I preview my feeds? Solved

Views

231

Likes

0

Replies

6
Why does a single user with the same CRM ID (cgrid) see both control and variant experiences in Adobe Target?

Views

132

Likes

0

Replies

2
what is wrong with my feed?

Views

142

Likes

0

Replies

2