Hi Everyone,

 

Do we have an audit trail or history in the Documents Tab? I am currently adding a link in the documents tab that will allow user to view or print the company forms stored in our server. I am thingking if it is possible to create an audit trail that will monitor which user viewed or accessed or print that particular form. Does someone have an idea?

 

Many Many thanks!

 

Regards,

Del

I'd like to create links to documents on our internal network by copying and pasting the link to those documents instead of uploading and attaching each document. I've completed the necessary set up but when the link is clicked, it doesn't go to the document. I get this error message: Error 6 (net::ERR_FILE_NOT_FOUND): The file or directory could not be found. How can I open the door to my internal network to allow access from within SF to these documents? Thanks Samantha

Howdy!

 

We have a spammer that has got a hold of our web-to-lead form and is submitting false leads.  I ran a test to determine that it is not being submitted from our server.  Is there a way I can filter leads so they only come from our server?  Or any other solution?

 

Jay Ligda

Hi I am trying to use CLI to encrypt password and decrypt the same.

 

I tried following :

 

encrypt -g anil

 

and it returned : 291988e8b2ff083d

 

Now when I tried to decrypt the same using following command: -

encrypt -v 291988e8b2ff083d anil

 

Now it is throwing following error: -

Error decrypting string: 291988e8b2ff083d, error: Given final block not properly  padded

 

Can any one tell me what wrong I did.

 

-Anil

Hi,

 

I have a basic question around security when it comes to integration using web-links. Take a very typical web-link integration example wherein a visualforce page in SFDC has a link/button that has a URL to another internal/external application. When user clicks on the link/button, the visualforce page will make an HTTPS POST to the other application passsing certain hidden parameters like username,email,sessionid,orgid,etc. The other application will use this information to authenticate the user in their system and respond with the appropriate page.

 

Since this was not very secure, an added functionality that we used here in order to make it a more robust and secure is a web service call back to SFDC. For e.g. the other application upon receiving the HTTPS request from SFDC will make a web service call to SFDC (custom apex web service) and pass the same values that was sent over by SFDC to the other app.SFDC web service will then authenticate the request based on username and email address and orgid and then return a true or false.

 

The question is: How secure is this kind of "authentication" mechanism. This is not a true SSO, but appears to be like one. How can we make this kind of authentication more robust without having to enable SAML or SSO? What are the best preactices for an integration using HTTPS post?

 

Thanks

Ambili

Please forgive the naive question but aay I have Profile A - System Admins.... Profile B - System Admins.. How do I give Profile A the capability to perform full admin of Profile A and all it's users without also giving the capability to perform admin over profile B?

In case any of you missed it, Varun is going to be leading a Tech talk on Security next week. Sign up here to attend!

We have some strange effects with respect to attachments. They don't seem to behave like a normal object, which is both concerning and limiting. The problem is:

 

Users are normally restricted to the objects they own and those which are shared with them through the sharing settings. We have shared some of our objects on the basis of roles such that a user can see the records of another in the same department. What we are finding however is the following:

 

• Attachments can be viewed regardless of whether they have access to the parent record

• Attachments can be found and opened in the quick search even if they have no access to the parent record (most disturbing)

The work around to this is apparently to set the IsPrivate flag, however:

• If you set the IsPrivate flag it doesn't respect the normal sharing settings of the parent object (i.e. it is restricted only to the creator of the attachment.)
• If you set the IsPrivate flag you can't open the attachment but the attachment is still listed in searches (you just get an insufficient privileges error)
• If you don't set the IsPrivate flag any user can see any attachment if they search for something obvious like 'pdf'

Is there a workaround? Is there another setting I should look at? Is the security for attachments just broken?

 

Thanks for any assistance.

In one of my application security scanner show the following line have problem .how to fix this type of line in apex controller. 

System.currentPageReference().getParameters().get('ObjType')