What are the best practices to follow when remotely customizing Salesforce for a client --- to assure them that the integrity of their data/code will not be compromised?  For example, if the client requests a new Visualforce page that pulls data from custom objects, the developer will need to access those objects (as well as any associated validation rules, workflows, etc.)

How is this situation typically handled?  Does the client grant sys admin access to one of their Sandbox accounts?  How are customizations deployed and tested in the Production environment?

Sorry if this question was posted in the wrong forum --- I wasn't sure where it belonged.

Thanks,

Barb

Hi there,

Could anyone help me with the  steps  to upload an app for security review in appexchange.

FYI  I logged into appexchange and filled all the details under private listings and i couldn't get the option to upload package and  Start Review button.

Any help would be appreciated.

Many Thanks

I'm using BURP Suite to test our Force.com Sites application but the limits had been exceeded within 30 minutes of testing. The sites record had shown that 10.2 minutes of execution time had been made (out of the 10 minutes available) and 5mb out of 500mb.

Now this, I'm not surprised since the BURP suite is making an average of around 500 requests per page.

What am I doing wrong? Or what should I be doing to prevent this from happening? Should I submit a case to increase the request limits?

Can anyone help me in telling the procedure how to map different urls into Brup suite

Hi,

We'd like to implement SSO using Salesforce as the identity provider.

It seems this can be done in 2 ways:

• Since Winter 11, with SAML ( http://developer.force.com/releases/release/Winter11/Salesforce+Single+Sign+On and https://login.salesforce.com/help/doc/en/identity_provider_about.htm ) but this second link says that it is only available to Entreprise and Unlimited editions.
• Using http://wiki.developerforce.com/index.php/Single_Sign_On_for_Composite_Apps that only needs the API access so it can be done for Professional edition accounts with API access enabled.

What are the best practices to follow when remotely customizing Salesforce for a client --- to assure them that the integrity of their data/code will not be compromised?  For example, if the client requests a new Visualforce page that pulls data from custom objects, the developer will need to access those objects (as well as any associated validation rules, workflows, etc.)

How is this situation typically handled?  Does the client grant sys admin access to one of their Sandbox accounts?  How are customizations deployed and tested in the Production environment?

Sorry if this question was posted in the wrong forum --- I wasn't sure where it belonged.

Thanks,

Barb

I want to publish an force application bassed on flex framework . 

I want to do some security check and follow the security process to valide this application .

I look to : http://security.force.com/ and don't find anything related to application using Flex instead Apex and visualForce .

Thanks iun advance for you response .

Hello everyone. We've recently moved to more locked down server env. 

While testing out our website move to the new server env. we've found that webservice API call to salesforce consistently fails.

We had to ask our server host add firewall rules to allow connection to Salesforce.

We decided to use FQDN and added www.salesforce.com (443).

This initially worked for us.

However, on the day of golive (today) during testing, connections were starting to fail. After studying the WSDL generated from Salesforce, we decided to open na6-api.salesforce.com(443). This failed again because response was coming back from ns0-api.salesforce.com.

Are there set URLs that we need to have on our firewall rules? It seems like due to load balancing, these URLs change? 

I desperately need assistance on this.

thank you.

Do you need to go through a security review even if you don't want to publish your app on App Exchange.