function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Sachin_KSachin_K 

Regarding the custom settings in managed package

Hi,

 

We have developed a managed package for App Exchange but kept the custom settings as public so that admin can have access to it. We are storing the api keys in the custom settings but no username or passwords. will it amount as threat in security review.

 

Aprreciate the help here.

 

Thanks,
Sachin 

 

aalbertaalbert

Yes  - There is a whole section on security.force.com that talks about how to handle this: http://wiki.developerforce.com/page/Secure_Coding_Storing_Secrets

 

I recommend using a protected custom setting and having your managed code insert/update the data in the custom setting.