Hello,
I see that using the JavaScript SDK that requires to expose the site-id to the client, anyone can run this simple code
_cio.identify({
id: 'fakeuser',
email: 'fakeuser@gmail.com'
});
and that user it is actually created in the People collection. So a malicious user can run this million times with different ids and to spam our people collection which contains real identified users.
Is there a way to prevent this?
Thank you.