Hi,

I just wanted to check this with others before reporting it as a bug, to see if this behavior is actually by design...

On my dev org, I have generated a Remote Access customer key/secret pair for my SF connectivity app. After setting the OAuth up in my app, the connectivity works fine. But I noticed that I could access the data from other dev orgs with the same customer key/secret combination, even if those orgs didn't have remote access set up (I still had to log in as a different user, though).

Is this standard behavior for dev orgs, and did anyone else notice it?

Hi,

I just wanted to check this with others before reporting it as a bug, to see if this behavior is actually by design...

On my dev org, I have generated a Remote Access customer key/secret pair for my SF connectivity app. After setting the OAuth up in my app, the connectivity works fine. But I noticed that I could access the data from other dev orgs with the same customer key/secret combination, even if those orgs didn't have remote access set up (I still had to log in as a different user, though).

Is this standard behavior for dev orgs, and did anyone else notice it?

Hi, 

For accessing salesforce data we need to set Remote Access setting, and have to pass key ans secret with http requst for generating access token, But is there any way that without set Remote setting and without Key and secret (Just passing salesforce Username and Password) we can access salesforce data?????

Guys, I need to open a web based application from Salesforce. I wanted the application to call back to SFDC to get some data. So I was thinking of passing SFDC session ID and server URL as query string parameters to the destination page. Is it safe to expose the Session ID in URL query string parameters? I am curious on whether the query string parameters in the URL be visible over the network even though the end point is an  "https" URL..? Strangely when you right click a code in Eclipse-Force.com-IDE and select "Force.com>>Show in Salesforce web" it automatically opens up SFDC page by passing the session ID in the URL.However I am curious about how secure sending session ID through URL.? Please let me know your thoughts on it.

Thanks,

Krishna