Are you using our SaaS platform (Baserow.io) or self-hosting Baserow?
SaaS
What are the exact steps to reproduce this issue?
- Create a form view
- Use your really cool feature : ?prefill_[fieldname]=[fieldvalue]&hide_[fieldname]
- Share the link to the press :'D
Basically, I’m going to have to share a Baserow link in the press and I don’t want people to be able to modify the URL and reveal some fields.
In practical terms, I’m having a field called “origination” and I want this field to be set to “press” if people entered data via press or set to “Social Media” if they came this way etc.
The million dollar question “How can I encrypt the URL so that it’s not as easily modifiable ?”
That’s for the easy part 
Now, in general, opening forms to the public is really cool in my use cases of Baserow but it opens my DB to “DDOS”. I have a limited amount of lines in my DB and if someone decides to spam, they can fill it up in no time.
The billion dollar question “Can you develop a sandboxing system for forms ?”
(as always, you guys rock and thank you for all you’ve done so far)
Hi @Paragon,
Forms make use of the Baserow API, which means they are inherently rate limited to 10 concurrent requests per minute. So it is unlikely that they are susceptible to a DDOS attack of some kind.
In regards to encrypting/encoding the URL, there is no way to do this at this moment.
Well, that 10 request/min is more of an issue than anything in my case here, but it should be fine.
What I meant by DDOS is, I have a limited amount of lines in my DB, so someone could fill them up (granted it’d take time since 100 000 lines is 166 hours) but we’d have no way of preventing it.
And for the URL, no way to do it, got it. Is it somewhere on the dev plan ?
Thanks for the quick reply
It’s 10 concurrent requests, not only 10 requests per minute 
There is no current plan for the url encoding, it has never been requested before. If you make an official request through this category on the forum, the team can officially log the request and process it: Feature Ideas - Baserow
If you did by chance experience some form of attack on your db with mass row creation, I’m sure we could help you remove those in bulk too. The scenario is very unlikely and something that has not happened to any customer that we know of yet.