Starting November 20, the site will be set to read-only.
On December 4, 2023,
Apex Code Development (90768)
General Development (55146)
Visualforce Development (37251)
Lightning (18265)
APIs and Integration (17146)
Trailhead (11680)
Formulas & Validation Rules Discussion (11337)
Other Salesforce Applications (8116)
Jobs Board (6655)
Force.com Sites & Site.com (4842)
Mobile (2694)
You need to sign in to do that
Don't have an account?
Force.com Hi All,
When two organisations are integrated, what should be the best approach to store the Username and Password of that Org in Salesforce ?
Is it secure to store the credentials in apex class when developing an app-exchange product?
Thanks,
Pragati
See here: http://wiki.developerforce.com/page/Secure_Coding_Storing_Secrets
To summarize, store the value encrypted in a safe place, such as a protected custom setting in a managed package. Make sure your key is secure and not accessible outside your source code. Do not store the key or the value in the view state (e.g. make sure it is transient, or used only within a function call).
All the details are in the link. Also, the Security Review team will let you know if there is a vulernability/risk with how you are storing a secret.
If possible, consider using OAuth instead of storing an actual user name and password, as this is inherently secure relative to storing the password directly (the authenticating organization can revoke access at any time, and a password change will not affect the authenticated organization).