function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Udaya BhaskarUdaya Bhaskar 

Security information needed

Hi All,
 
I have written a java program that uses the method mentioned in the apex api guide to create accounts and contacts. I am using the login method and create method to create accounts and contacts in my developer edition. is this process secure to transfer records from my system to sfdc? i haven't done any thing on my system for ensuring the security..i am assuming the data transfer that is happening uses SSL Protocol by default. I am confident that this data cannot be tampered by third person..please advice me more on this like ..if there is any threat using normal method of account creation pls advice me on  various methods of  ensuring security ...and what extra code should i write for ensuring security..
 
Thanks in advance.
Regards,
Udaya
DevAngelDevAngel
Hi Udaya,

The wsdl file that is used to generate the Java client that handles the API interaction contains a default endpoint specifying the https protocol (SSL).  You can certainly change this to http, but you would have to do that explicitly.  If you are not specifying http explicitly then you are transmistting and receiving over SSL.

The obvious thing that you need to ensure is to keep usernames and passwords protected.  So if your java program is running in a secure environment and you have implemented proper network security on any config files that may have usernames and passwords you will be protected.

Cheers
Udaya BhaskarUdaya Bhaskar

Hi Dave,

Thanks Thanks a lot for the information. can you please explain in more detail what should be done for usernames and password protected.

can you give me a link that says that wsdl file that is used to generate a client that handles the API interaction contains a default endpoint specifying the https protocol (SSL). This will help me in convincing the client.

Regards,

Udaya

 

 
DevAngelDevAngel
Well, if you are running a java program on premise (in your data center behind your firewall) then you would put standard network security in place as you would any software that you want protected.

If you look at the wsdl file, near the very bottom, you will find the default endpoint defined.  Apache Axis uses that part of the wsdl to define the default endpoint.  You will typically use the default endpoint and the endpoint returned in the loginResult object from the login method.  You should never have to parse a url.  To see the generated endpoint in the Java code, look at the SforceServiceLocator class.  You will see the https endpoint hardcoded there.


Cheers