You need to sign in to do that
Don't have an account?
Nic 121
How to hide salesforce backend from customer community users
Hey there,
We have built a (soon to be) public website using customly styled VF pages integrated with the SF backend.
Visitors to the site can view the custom VF pages as a Customer Community Guest user. Users can also self register and become Customer Community users where they can follow products, certain users, post ideas, etc. As a result, these objects must be visible to customer users.
Now the problem is, if a user types in www.thecommunitysite.com/003, for example, they will be able to access the SF CMS and see a complete list of contact names. Our functionality relies on contacts being visible, yet we don't reveal actual user names in our system - just display names. This list view being accessible destoys the privacy we need to have in place.
Mitigations:
Surely there must be a way of creating a secure VF Community website where the names of products, customers, and campaigns can be secure.
I appreciate any help you guys can give,
Cheers
We have built a (soon to be) public website using customly styled VF pages integrated with the SF backend.
Visitors to the site can view the custom VF pages as a Customer Community Guest user. Users can also self register and become Customer Community users where they can follow products, certain users, post ideas, etc. As a result, these objects must be visible to customer users.
Now the problem is, if a user types in www.thecommunitysite.com/003, for example, they will be able to access the SF CMS and see a complete list of contact names. Our functionality relies on contacts being visible, yet we don't reveal actual user names in our system - just display names. This list view being accessible destoys the privacy we need to have in place.
Mitigations:
- I can use JS to autoredirect users upon arrival. This is not secure enough alone.
- I can override the list view with a custom VF page that redirects users. This is fine, except the user will still be able to access the list if they enter www.thecommunitysite.com/003?nooverride=1.
- I can create a blank page layout for the page, so that even if they do select a contact, or enter a full contact ID, they will only be able to see the contact name.
Surely there must be a way of creating a secure VF Community website where the names of products, customers, and campaigns can be secure.
I appreciate any help you guys can give,
Cheers