Apex Code Development You need to sign in to do that
Don't have an account?
Philip Meldrum08237737677563425 Exception Handling and the Security Review
Our App has been rejected in the Security Review because of 'Information Disclosure'
"Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack. An information leak occurs when system data or debugging information leaves the program through an output stream or logging function"
The tester managed to break one of our triggers, and an error was displayed:
Error: Invalid Data.
Review all error messages below to correct your data.
Apex trigger aiAP1.aiAPtrig_OrderItem caused an unexpected exception, contact your administrator: aiAP1.aiAPtrig_OrderItem: execution of BeforeInsert caused by: System.NullPointerException: Attempt to de-reference a null object: (aiAP)
What I'm doing is adding a try..catch... in all trigger and using addError to say:
SALESFORCE do not allow error messages from Appexchange apps - so all I can tell you is you did something wrong. Please ask your System Admin to contact Alpha Publisher
Any comments?
Is this common practice? Or do you try to write to an error log so you at least have some chance of fixing the issue?
"Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack. An information leak occurs when system data or debugging information leaves the program through an output stream or logging function"
The tester managed to break one of our triggers, and an error was displayed:
Error: Invalid Data.
Review all error messages below to correct your data.
Apex trigger aiAP1.aiAPtrig_OrderItem caused an unexpected exception, contact your administrator: aiAP1.aiAPtrig_OrderItem: execution of BeforeInsert caused by: System.NullPointerException: Attempt to de-reference a null object: (aiAP)
What I'm doing is adding a try..catch... in all trigger and using addError to say:
SALESFORCE do not allow error messages from Appexchange apps - so all I can tell you is you did something wrong. Please ask your System Admin to contact Alpha Publisher
Any comments?
Is this common practice? Or do you try to write to an error log so you at least have some chance of fixing the issue?