Apex Code Development You need to sign in to do that
Don't have an account?
Lost Access to Sandbox - Workbench Hack or Security Hole?
I recently found myself locked out of my sandbox because I was on a new computer. When I tried to log into the sandbox, it was sending an email with the verification code to the email address munged when the sandbox was created, i.e., email=email.com@example.com. This munging was implemented a couple of years ago to prevent automated processes from sending reports, chatter feeds, approval requests, etc. from the sandbox to unsuspecting users.
BTW, munge is a highly techical term defined here.
What I was able to do is log onto Workbench from my computer, edit my email address back to email@email.com. Once I confirmed the email address change, I tried to log in again to the sandbox. This time the verification code was sent to email@email.com. With the new verification code, I was able to log in without problem.
So . . .
Should I always use my mobile phone to receive the verification code? I do not think mobile phone numbers are munged.
BTW, munge is a highly techical term defined here.
What I was able to do is log onto Workbench from my computer, edit my email address back to email@email.com. Once I confirmed the email address change, I tried to log in again to the sandbox. This time the verification code was sent to email@email.com. With the new verification code, I was able to log in without problem.
So . . .
- Will this hack work all the time? Or was it because the location of my Workbench was a web site that had previously accessed the sandbox? Or was it because the version of Workbench I used is pretty old, version 29.0.
- Is this a security hole? Why was I able to log in via Workbench without verification? Same questions as above.
Should I always use my mobile phone to receive the verification code? I do not think mobile phone numbers are munged.