+ Start a Discussion
Ashish Shah 10Ashish Shah 10 

Is calling third party web services from visual force page (through JavaScript) a security risk?

I am currently developing a CTI app for Salesforce using the new salesforce Open CTI API. I wanted to understand if there are any security concerns from salesforce if the JavaScript code inside the visual force page of my app makes a cross-domain call to the CTI web-services of my telephony system hosted on another server. Actually the kind of implementation I have for my demo app is I am making cross-domain calls to my CTI web-services hosted on a server for directing my telephony system to make outbound/inbound calls using the JavaScript code written in the visual force pages and use the apex classes to get customer details from sales force. I just wanted understand that is making a cross domain call from the visual force page a security risk according to sales force? Or is the above configuration accepted by sales force  security review process? Kindly note that the web-services will be hosted in a secure fashion over https. I am asking this query as I wish to host this app on App Exchange in future once it's fully developed.
Dev.AshishDev.Ashish
there are some considerations while utilizing cross domain calls... please refer http://msdn.microsoft.com/en-us/library/cc709423(v=vs.85).aspx