Apex Code Development You need to sign in to do that
Don't have an account?
Damon Encrypted Custom Field with Apex
Folks,
I'm attempting to use Encrypted Fields and I think I need some guidance on their use in the context of storing passwords for use with a remote web services API. The situation is this:
I want to add Username and Password fields to the Users object, and I want the password field to appear masked when viewed by other users. (Masking during input would be nice, but I can live without it.) Here's the key requirement without which I cannot live, though: I need my Apex code (executed via an S-Control snippet exposed as a Custom Button) to be able to read the Encrypted Field's value to authenticate successfully against a remote web services API.
Here's the main issue:
The MASKED data is used internally unless the user has "View Encrypted Data" enabled in their profile.
This is a big one. I can't feasibly add the "View Encrypted Data" privilege to every user's profile; while doing so will ostensibly allow Apex code to access the field's actual value (rather than a masked value), this also makes the field viewable to anyone with access to the relevant record. This negates any value gained by using the Encrypted Field to store sensitive data (since it becomes visible to everyone with access to the record).
I thought about trying to implement some kind of privileged code execution wherein the Apex code is run as a user with "View Encrypted Data" privileges while the end users do not have this privilege. That would seem to solve the problem. Unfortunately, I can't find a way to do this.
In addition, adding the "View Encrypted Data" privilege would likely require creation of a new (custom) profile. Since these can't be included in application packages, this would represent yet one more manual step required of the users installing a custom application (in addition to, for example, Layout changes and Remote Site Settings for allowing use of a remote web services API).
Have I missed something fundamental here? Any suggestions or advice would be very welcome.
Thanks,
Damon
I'm attempting to use Encrypted Fields and I think I need some guidance on their use in the context of storing passwords for use with a remote web services API. The situation is this:
I want to add Username and Password fields to the Users object, and I want the password field to appear masked when viewed by other users. (Masking during input would be nice, but I can live without it.) Here's the key requirement without which I cannot live, though: I need my Apex code (executed via an S-Control snippet exposed as a Custom Button) to be able to read the Encrypted Field's value to authenticate successfully against a remote web services API.
Here's the main issue:
The MASKED data is used internally unless the user has "View Encrypted Data" enabled in their profile.
This is a big one. I can't feasibly add the "View Encrypted Data" privilege to every user's profile; while doing so will ostensibly allow Apex code to access the field's actual value (rather than a masked value), this also makes the field viewable to anyone with access to the relevant record. This negates any value gained by using the Encrypted Field to store sensitive data (since it becomes visible to everyone with access to the record).
I thought about trying to implement some kind of privileged code execution wherein the Apex code is run as a user with "View Encrypted Data" privileges while the end users do not have this privilege. That would seem to solve the problem. Unfortunately, I can't find a way to do this.
In addition, adding the "View Encrypted Data" privilege would likely require creation of a new (custom) profile. Since these can't be included in application packages, this would represent yet one more manual step required of the users installing a custom application (in addition to, for example, Layout changes and Remote Site Settings for allowing use of a remote web services API).
Have I missed something fundamental here? Any suggestions or advice would be very welcome.
Thanks,
Damon