Heroku Integration - Will this be secure? Alternatives?
Since salesforce.com does not have native Excel processing libraries, a part of my app that processes Excel will be hosted on Heroku.
These Excels are typically loaded into the system by Guest (Sites) users without a username/password, so they don't have a secure session Id associated with them.
Currently I am thinking that an admin user will log in and schedule an Apex job into which a session id of the admin login is injected. This session id would be sent via https/ssl to the Heroku Excel processor. The Heroku Excel processor would use the session id to call back to salesforce (to grab the Excel and process data in it). The Heroku app would be stateless - it would not store anything inside a database on the Heroku end - essentially it would grab Excel from salesforce, process them, and put data back in salesforce.com. A single multi-threaded instance of the Heroku app would serve all my salesforce customers.
I am worried that the session would be a long-living session - it could be months, creating a risk of session hijacking.
Any other alternatives I should consider? OAuth? Seems like I would have to store OAuth tokens on the Heroku side in a db.
Here are some pointers on top of my mind right now:
Overall, I have used Heroku in a few apps and got it security approved from Salesforce as well. As long as you are taking care of securely storing the tokens and not accessing APIs without authentication, you should be good to go!
Hope this helps!
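Added example, not part of the original posts: one way to store per-org OAuth refresh tokens encrypted at rest when a single Heroku app serves many Salesforce orgs, as the thread discusses. The function names, the `TOKEN_ENC_KEY` config var, the org ids and the token value are assumptions constructed for illustration.

```javascript
// Added example (hypothetical names): AES-256-GCM sealing of refresh tokens,
// with the Salesforce org id bound as additional authenticated data (AAD).
const crypto = require('node:crypto');

// Key is 32 bytes, hex-encoded, e.g. read from a config var such as
// process.env.TOKEN_ENC_KEY (assumed name). It is never stored in the db.
function loadKey(hex) {
  const key = Buffer.from(hex || '', 'hex');
  if (key.length !== 32) throw new Error('key must be 32 bytes, hex-encoded');
  return key;
}

// Returns base64(iv || tag || ciphertext) for storage in the token table.
function sealToken(key, orgId, refreshToken) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(orgId, 'utf8'));
  const ct = Buffer.concat([cipher.update(refreshToken, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the row was modified or is read under a different org id.
function openToken(key, orgId, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 28) throw new Error('sealed token too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(orgId, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample values; a random key stands in for the config var.
const demoKey = loadKey(crypto.randomBytes(32).toString('hex'));
const demoRow = sealToken(demoKey, '00D000000000001AAA', 'constructed-refresh-token');
console.log('stored row:', demoRow);
console.log('same org  :', openToken(demoKey, '00D000000000001AAA', demoRow));
try {
  openToken(demoKey, '00D000000000002AAA', demoRow); // row moved to another org
} catch (err) {
  console.log('other org : rejected (' + err.message + ')');
}
```

Binding the org id means a row copied onto another customer's record fails authentication instead of decrypting, which matters when one app instance holds tokens for every org.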