alexsummers

Sforce security best practices

Good Day!

I'm relatively new with regards to implementing security to Salesforce integration apps.

My problem is how not to display the message "Display non-secure items" when accessing my apps through custom links.

I've learned that to do this one has to encrypt the pages. Are there best practices on this? Or suggestions on how to do this exactly?

I'm using C#.net in my apps....

I would really appreciate any suggestions

 

daroz
Make sure the page that is called for your integration is secured with SSL...

In other words if your integration URL is http://sfdc.example.com/lead?id=00Q23123123132 install an SSL cert and use https://sfdc.example.com/lead?id=00Q23123123132 instead (note the https instead of http). That will fix your problem - and be more secure for your users too.
alexsummers

Thanks

Skowronek
Ran across this while searching for solutions so I thought I'd post.

I've been developing various applications that call the SF API directly and now am in need of creating a custom s-control to perform tasks from w/in salesforce.com itself. I noticed you're using URLs such as:

http://sf.somesite.com/processor?leadId=3214598745613

for the s-control. Is this the only way to perform functions from within a custom s-control, by passing the IDs directly across? How can one guarantee that someone isn't just going to call that processor directly and cause havoc?

Thanks.
benjasik
All operations require you to be authenticated, so even if you had an ID, it doesn't help you.

Scontrols can have the sessionid of the executing user passed in, thus ensuring you're operating on that user's behalf.
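
Added example, not part of the original thread and not Salesforce's own code: one way the external processor can refuse direct calls by checking the session id passed from the s-control before touching the record id. The parameter names `sessionId` and `serverUrl`, the `lookup_session` hook (standing in for an API call that asks Salesforce who owns the session) and all sample ids are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

class Rejected(Exception):
    """The request must not be processed."""

def authorize(url, expected_org_id, lookup_session):
    """Return the Salesforce user id this request may act as, else raise Rejected.

    lookup_session(server_url, session_id) is a hypothetical hook: it asks the
    Salesforce API who owns the session and returns a dict with "userId" and
    "organizationId", or None if the API rejects the session.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise Rejected("plain HTTP exposes the session id in transit")
    query = parse_qs(parts.query)
    session_id = query.get("sessionId", [""])[0]
    server_url = query.get("serverUrl", [""])[0]
    if not session_id:
        raise Rejected("no session id: a bare record id proves nothing")
    api = urlsplit(server_url)
    host = api.hostname or ""
    # Only send the session id back to Salesforce, never to a caller-chosen host.
    if api.scheme != "https" or not host.endswith(".salesforce.com"):
        raise Rejected("server URL is not a Salesforce HTTPS endpoint")
    info = lookup_session(server_url, session_id)
    if info is None:
        raise Rejected("Salesforce did not accept the session id")
    if info["organizationId"] != expected_org_id:
        raise Rejected("session belongs to a different organization")
    return info["userId"]

# Constructed sample data standing in for the real API call.
_SESSIONS = {"SESSION-A": {"userId": "005-USER-A", "organizationId": "00D-ORG-1"}}

def fake_lookup(server_url, session_id):
    return _SESSIONS.get(session_id)

def check(url):
    """Run authorize() against the constructed data; return user id or the reason."""
    try:
        return authorize(url, "00D-ORG-1", fake_lookup)
    except Rejected as exc:
        return "rejected: " + str(exc)
```

Because the session id travels in the URL here, the processor's access logs should be treated as sensitive.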