function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
mike1983mike1983 

Loging Into Sales force

Ok this is a pretty dumb question/requirement that is a "must have" from one of my clients. I am inclined to just say no, but I am doing my due diligence here. 

 

Is there a way for me to make a salesforce login page custom on a separate site? Basically just create a website with a login that HTTP_Posts to salesforce and logs in a user, maybe using cURL or something.

 

My expectation is that SalesForce would block such attempts as a security risk (I would).  But if someone knows this is either possible or impossible that would be very helpful.

 

Thanks 

Best Answer chosen by Admin (Salesforce Developers) 
aalbertaalbert

Yes, you can do a login via a FORM POST. Here is a thread on a similar topic.

But using this solution, please note that users can still go to the standard salesforce.com login page and login. 

 

 

All Answers

aalbertaalbert

Yes, you can do a login via a FORM POST. Here is a thread on a similar topic.

But using this solution, please note that users can still go to the standard salesforce.com login page and login. 

 

 

This was selected as the best answer
mike1983mike1983

Wow I would figure they wouldn't want you do that, and would block the requests. (Especially not via GET) That makes it pretty easy to get peoples accounts locked from a script.  

 

That could be really annoying if some jerk just wrote a script to purposely fail a username's logins 3 times and lock everyones accounts. And it would only take like 5 minutes to write that.  I would only accept posts that originated from my domain (salesforce.com), or set some session variable to true before attempting to read the posts.

 

But thanks, this is great info. I really appreciate it. 

Message Edited by mike1983 on 11-17-2009 09:13 AM
aalbertaalbert

You can whitelist an acceptable IP range you want to allow people to access your salesforce.com environment from. For example, your corporate network IP range can be whitelisted under Network Access. So if I figured out your username and wrote that malicious script from my home network, your environment would block that request since its not originating from a valid IP range you define.

 

 
mike1983mike1983

Ah nice thanks. I was actually just thinking try every possible email. Like a mail bomb to lock all SF users Accounts. But atleast that way I will be protected.

 

Thanks again.