You need to sign in to do that
Don't have an account?
Ashish Shah 10
Is calling third party web services from visual force page (through JavaScript) a security risk?
I am currently developing a CTI app for Salesforce using the new salesforce Open CTI API. I wanted to understand if there are any security concerns from salesforce if the JavaScript code inside the visual force page of my app makes a cross-domain call to the CTI web-services of my telephony system hosted on another server. Actually the kind of implementation I have for my demo app is I am making cross-domain calls to my CTI web-services hosted on a server for directing my telephony system to make outbound/inbound calls using the JavaScript code written in the visual force pages and use the apex classes to get customer details from sales force. I just wanted understand that is making a cross domain call from the visual force page a security risk according to sales force? Or is the above configuration accepted by sales force security review process? Kindly note that the web-services will be hosted in a secure fashion over https. I am asking this query as I wish to host this app on App Exchange in future once it's fully developed.
Dev.Ashish
there are some considerations while utilizing cross domain calls... please refer http://msdn.microsoft.com/en-us/library/cc709423(v=vs.85).aspx