Overview
Protecting the privacy of customer data and maintaining trust are core values at salesforce.com. The Force.com platform has numerous built-in security features and protections that org administrators and developers can use. In addition, a number of free security resources are available to help developers with education, design and development of their applications.
Cheat Sheet

ESAPI Functions for Force.com
The ESAPI security library for Force.com is available at http://code.google.com/p/force-dot-com-esapi.

SFDCAccessController Class
Provides access control functionality to enforce CRUD/FLS and sharing on the Force.com platform. Apex code runs in system mode and does not enforce CRUD/FLS by itself, so these checks must be made in code before DML or queries.
setSharingMode()
    Configures the library to operate with sharing, without sharing, or to inherit sharing from the calling class.
setOperationMode()
    Configures the library to require that all operations succeed (all or none), or to omit the changes to fields and objects for which the user does not have access (best effort).
insertAsUser()
    Inserts objects while respecting the user's access rights.
updateAsUser()
    Updates objects while respecting the user's access rights.
deleteAsUser()
    Deletes objects while respecting the user's access rights.
getViewableFields()
    Returns the fields of an object that are viewable by the current user.
getUpdateableFields()
    Returns the fields of an object that are updateable by the current user.
getCreatableFields()
    Returns the fields of an object that are creatable by the current user.

Schema describe methods (Schema.DescribeSObjectResult and Schema.DescribeFieldResult) for checking the current user's CRUD/FLS permissions directly in Apex:
isAccessible()
    The current user can read the object or field.
isUpdateable()
    The current user can update the object or field.
isDeletable()
    The current user can delete the object (DescribeSObjectResult only).
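The following is an added example, not code from the cheat sheet or from the Force.com ESAPI project. It updates a Contact's Email field two ways, first with the standard Schema describe checks and then through the ESAPI access controller, and shows how getViewableFields() can drive a dynamic query. The ESAPI method signatures follow the library's published API and should be checked against the version you install; ContactEmailUpdater and its method names are made up for the example.

```apex
// Added example (not from the cheat sheet or the ESAPI project).
// Assumes the Force.com ESAPI library is installed in the org.
public with sharing class ContactEmailUpdater {

    // Apex runs in system mode: "with sharing" gives record-level sharing only,
    // and nothing enforces CRUD/FLS for code, so the class must check itself.
    public class AccessDeniedException extends Exception {}

    // 1. Manual enforcement with Schema.DescribeSObjectResult / DescribeFieldResult.
    public static void updateEmailChecked(Id contactId, String newEmail) {
        Schema.DescribeSObjectResult contactType = Schema.sObjectType.Contact;
        Schema.DescribeFieldResult emailField = Schema.sObjectType.Contact.fields.Email;

        // Object-level update right, then field-level update right for Email.
        if (!contactType.isUpdateable() || !emailField.isUpdateable()) {
            throw new AccessDeniedException('User may not update Contact.Email');
        }
        // The query below reads Email, so read access (FLS) is checked as well.
        if (!emailField.isAccessible()) {
            throw new AccessDeniedException('User may not read Contact.Email');
        }
        Contact c = [SELECT Id, Email FROM Contact WHERE Id = :contactId];
        c.Email = newEmail;
        update c;
    }

    // 2. The same operation delegated to the ESAPI access controller, which
    //    performs the CRUD/FLS checks and the DML together.
    public static void updateEmailWithEsapi(Id contactId, String newEmail) {
        SFDCAccessController ac = ESAPI.accessController();
        // Respect record sharing, and fail the whole update if any listed field
        // is not updateable by the current user, rather than silently dropping it.
        ac.setSharingMode(SFDCAccessController.SharingType.WITH);
        ac.setOperationMode(SFDCAccessController.OperationMode.ALL_OR_NONE);

        Contact c = new Contact(Id = contactId, Email = newEmail);
        ac.updateAsUser(c, new List<String>{ 'Email' });
    }

    // 3. Build the SELECT list from the fields the user is actually allowed to
    //    see, instead of selecting fixed columns and hoping FLS does not apply.
    public static List<Contact> readVisibleContactFields(Id contactId) {
        Set<String> visible = ESAPI.accessController().getViewableFields(Contact.sObjectType);
        if (visible.isEmpty()) {
            throw new AccessDeniedException('User may not read Contact');
        }
        String soql = 'SELECT ' + String.join(new List<String>(visible), ', ')
                    + ' FROM Contact WHERE Id = :contactId';
        return Database.query(soql);
    }
}
```

The manual variant is what the describe methods above are for; the ESAPI variant packages the same checks behind one call and, with ALL_OR_NONE, turns a partially permitted update into an exception instead of a silent partial write.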
SFDCEncoder Class
Provides output-escaping functions for Force.com. Pick the function that matches the context the data will be rendered in; HTML escaping alone does not protect a value placed inside a JavaScript string.
SFDC_HTMLENCODE()
    Escapes data for use in HTML tags.
SFDC_JSENCODE()
    Escapes data for use in JavaScript quoted strings.
SFDC_JSINHTMLENCODE()
    Escapes data for use in JavaScript quoted strings that will themselves be placed inside HTML tags (for example an event handler attribute).
SFDC_URLENCODE()
    Escapes data for use in URLs according to RFC 3986 syntax.
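As an added example (not from the cheat sheet or the ESAPI project), here is a Visualforce controller that takes one untrusted query-string value and prepares it for each of the four output contexts above. The Visualforce markup that would consume each getter is shown in comments; the class name, the "name" parameter and the page snippets are illustrative.

```apex
// Added example (not from the cheat sheet). Assumes the Force.com ESAPI library
// is installed; GreetingController and the "name" parameter are made up.
public with sharing class GreetingController {

    // Untrusted input straight from the query string, e.g.
    //   /apex/greeting?name=%27%3Balert(document.cookie)%2F%2F
    private final String rawName;

    public GreetingController() {
        String p = ApexPages.currentPage().getParameters().get('name');
        rawName = (p == null) ? '' : p;   // the encoder is not asked to handle null
    }

    // VULNERABLE pattern, for contrast: inside a <script> block the platform's
    // default HTML escaping does not match the JavaScript context, and with
    // escape="false" it is switched off entirely, so {!rawName} lands as-is.
    //   <script>var who = '{!rawName}';</script>          <-- script injection
    public String getRawName() { return rawName; }

    // Context 1: HTML element content or attribute, emitted with escaping
    // disabled on the page, so the controller must encode.
    //   <apex:outputText value="{!htmlName}" escape="false"/>
    public String getHtmlName() {
        return ESAPI.encoder().SFDC_HTMLENCODE(rawName);
    }

    // Context 2: a JavaScript string literal inside a <script> block.
    //   <script>var who = '{!jsName}';</script>
    public String getJsName() {
        return ESAPI.encoder().SFDC_JSENCODE(rawName);
    }

    // Context 3: a JavaScript string literal that itself sits inside an HTML
    // attribute, so it needs JS escaping and then HTML escaping.
    //   <input type="button" onclick="greet('{!jsInHtmlName}')"/>
    public String getJsInHtmlName() {
        return ESAPI.encoder().SFDC_JSINHTMLENCODE(rawName);
    }

    // Context 4: one component of a URL query string.
    //   <apex:outputLink value="/apex/search?q={!urlName}">search</apex:outputLink>
    public String getUrlName() {
        return ESAPI.encoder().SFDC_URLENCODE(rawName);
    }
}
```

The four functions correspond to Visualforce's built-in HTMLENCODE, JSENCODE, JSINHTMLENCODE and URLENCODE formula functions, which can be applied directly in a merge expression such as {!JSENCODE(name)} when the value does not pass through Apex first.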
Crypto Class
Provides standard algorithms for creating digests, message authentication codes and signatures, and for encrypting and decrypting data with AES (CBC mode with PKCS#5 padding). Encryption keys should be generated with generateAesKey() and stored securely in a Protected Custom Setting, never hard-coded in Apex. Because AES-CBC provides no integrity, pair it with generateMac() where tampering matters.
encrypt()
    Encrypts the blob clearText using the specified algorithm, key and initialization vector. Use this method when you want to supply your own initialization vector.
encryptWithManagedIV()
    Encrypts the blob clearText using the specified algorithm and key. Use this method when you want salesforce.com to generate the initialization vector; it is returned as the first 16 bytes of the result, ahead of the cipher text.
decrypt()
    Decrypts the blob cipherText using the specified algorithm, key and initialization vector.
decryptWithManagedIV()
    Decrypts the blob IVAndCipherText using the specified algorithm and key. Use this method to decrypt blobs produced by encryptWithManagedIV().
generateAesKey()
    Generates an AES key of the specified size (128, 192 or 256 bits).
generateDigest()
    Computes a one-way hash digest of the input using the specified algorithm.
generateMac()
    Computes a message authentication code (MAC) for the input using the specified algorithm and key.
getRandomInteger()
    Returns a random Integer.
getRandomLong()
    Returns a random Long.
sign()
    Computes a digital signature for the input using the supplied private key and the specified algorithm.
Custom Settings
Special objects that support a "protected" mode for storing sensitive information such as encryption keys. A protected custom setting is hidden from subscriber orgs when it is delivered in a managed package; in your own org, users who can view custom settings can still read it, so restrict who has that access.
getAll()
    Returns a map of the data sets defined for the custom setting. List custom settings only.
getInstance()
    Returns the "lowest level" custom setting data set for the specified data set name, user ID, profile ID or current user (depending on the parameters and the setting type). Identical to getValues() for List custom settings.
getValues()
    Returns only the custom setting data set for the specified data set name, user ID, profile ID or current user (depending on the parameters and the setting type).
getOrgDefaults()
    Returns the custom setting data set for the organization. Hierarchy custom settings only.

Documentation for these classes and the security resources listed at the end of this sheet: http://developer.force.com
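The following added example ties the Crypto and Custom Settings entries together; it is not code from the cheat sheet. AppSecrets__c is a hypothetical hierarchy custom setting created with Visibility = Protected and two Text(255) fields, AesKey__c and HmacKey__c, whose org-default row holds base64-encoded keys. It shows encrypt-then-MAC with a managed IV, the matching verify-then-decrypt path, and the digest and random helpers.

```apex
// Added example (not from the cheat sheet). AppSecrets__c, AesKey__c and
// HmacKey__c are assumed to exist as described in the lead-in.
public with sharing class FieldCrypto {
    private static final String CIPHER = 'AES256';     // AES-CBC, PKCS#5 padding in Apex
    private static final String MAC    = 'hmacSHA256';

    public class IntegrityException extends Exception {}

    // Read the keys from the protected setting. On first use, generate them with
    // Crypto.generateAesKey (used as a CSPRNG for the MAC key too) and store
    // them, so no key ever appears in source code. Run that first call as an
    // admin: it writes to the custom setting.
    private static AppSecrets__c secrets() {
        AppSecrets__c s = AppSecrets__c.getOrgDefaults();
        if (s.AesKey__c == null || s.HmacKey__c == null) {
            s.AesKey__c  = EncodingUtil.base64Encode(Crypto.generateAesKey(256));
            s.HmacKey__c = EncodingUtil.base64Encode(Crypto.generateAesKey(256));
            if (s.Id == null) {
                s.SetupOwnerId = UserInfo.getOrganizationId();   // org-level default row
            }
            upsert s;
        }
        return s;
    }

    // Returns base64(iv || ciphertext) + '.' + base64(HMAC). encryptWithManagedIV
    // prepends the platform-generated 16-byte IV; the HMAC covers that whole
    // blob, so a modified IV or ciphertext is rejected before decryption.
    public static String protect(String clearText) {
        AppSecrets__c s = secrets();
        Blob ivAndCipher = Crypto.encryptWithManagedIV(
            CIPHER, EncodingUtil.base64Decode(s.AesKey__c), Blob.valueOf(clearText));
        Blob tag = Crypto.generateMac(MAC, ivAndCipher, EncodingUtil.base64Decode(s.HmacKey__c));
        return EncodingUtil.base64Encode(ivAndCipher) + '.' + EncodingUtil.base64Encode(tag);
    }

    // Verify the MAC first, then decrypt. String.equals() is used because the
    // Apex == operator compares strings case-insensitively; Apex offers no
    // constant-time comparison, which is a known limitation here.
    public static String unprotect(String token) {
        AppSecrets__c s = secrets();
        List<String> parts = token.split('\\.');
        if (parts.size() != 2) {
            throw new IntegrityException('Malformed token');
        }
        Blob ivAndCipher = EncodingUtil.base64Decode(parts[0]);
        Blob expected = Crypto.generateMac(MAC, ivAndCipher, EncodingUtil.base64Decode(s.HmacKey__c));
        if (!parts[1].equals(EncodingUtil.base64Encode(expected))) {
            throw new IntegrityException('MAC mismatch: token was modified');
        }
        Blob clear = Crypto.decryptWithManagedIV(
            CIPHER, EncodingUtil.base64Decode(s.AesKey__c), ivAndCipher);
        return clear.toString();
    }

    // Digest and random helpers: a one-way fingerprint of a value for lookup or
    // logging, and a six-digit random one-time code.
    public static String fingerprint(String value) {
        return EncodingUtil.convertToHex(Crypto.generateDigest('SHA-256', Blob.valueOf(value)));
    }

    public static Integer oneTimeCode() {
        return Math.abs(Math.mod(Crypto.getRandomInteger(), 1000000));
    }
}
```

A stored value round-trips as FieldCrypto.unprotect(FieldCrypto.protect('4111 1111 1111 1111')); flipping any character of the first base64 segment makes unprotect() throw IntegrityException rather than return garbage or a padding error.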
Session Settings
Controls for general session handling, including session timeout. These settings can be found under Setup | Security Controls | Session Settings.
Timeout value
    Idle session time after which the user is automatically logged out of Salesforce. Recommended: 30 minutes.
Disable session timeout warning popup
    Disables the browser pop-up that warns a user who is about to be logged out by the idle session timeout.
Lock sessions to the IP address from which they originate
    Forces the user's session to remain locked to the IP address from which the user authenticated. May impact AppExchange installations. Recommended: Yes.
Require secure connections (https)
    Requires HTTPS on all page requests. Recommended: Yes.
Enable caching and autocomplete on login page
    Allows the user's browser to store and auto-complete usernames or passwords after the first login. Recommended: No.
Password Policies
Controls for enabling password restrictions and account lockout. These settings can be found under Setup | Security Controls | Password Policies.
User passwords expire in
    How often passwords are automatically expired. Recommended: 90 days.
Enforce password history
    How many previous passwords are remembered to prevent password re-use. Recommended: 5 passwords remembered.
Minimum password length
    Minimum length of a password. Recommended: 8 characters.
Password complexity requirement
    Whether the password must contain a mix of letters and numbers. Recommended: Must mix alpha and numeric.
Password question requirement
    Requires that the user's password hint answer not contain the password. Recommended: Cannot contain password.
Maximum invalid login attempts
    How many invalid logins are allowed before the account is locked out. Recommended: 5.
Lockout effective period
    How long an account remains locked out. Recommended: 30 minutes.
Audit Logs
Salesforce provides several types of audit logs for monitoring logins and changes to your organization.
Login History (Setup | Manage Users | Login History)
    All successful and failed login attempts are recorded and kept for 180 days.
Setup Audit Trail (Setup | Security Controls | View Setup Audit Trail)
    Every configuration (Setup) change is logged and archived for 180 days.
Field History Tracking (Setup | Customize | [object type] | Fields | Set History Tracking)
    Selected standard and custom fields can be enabled to track their change history.
Sensitive Permissions
When using profiles, review them for the following sensitive permissions. Permissions per profile can be viewed at Setup | Manage Users | Profiles.
Author Apex
    Can modify and deploy Apex. By default, Apex code runs with full administrative privileges.
Customize Application
    Can make configuration changes to the organization's settings.
Download AppExchange packages
    Can install or uninstall packages from the AppExchange.
Manage Users
    Can create or modify user accounts, including logins, sharing rules and login restrictions.
Modify All Data
    Can create, edit or delete all data in Salesforce.
Password Never Expires
    Prevents the user's password from expiring.
View All Data
    Can view all data owned by other users.

Login and Authentication
Login and authentication features and restrictions. Enable these as appropriate for your company.
IP restrictions for everyone: Setup | Security Controls | Network Access
IP restrictions for individual profiles: Setup | Manage Users | Profiles
Login hours (set per profile): Setup | Manage Users | Profiles
Delegated Authentication: contact Support
Federated Authentication (SAML single sign-on): Setup | Security Controls | Single Sign-On Settings
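As an added example covering both the Audit Logs and Sensitive Permissions sections (not code from the cheat sheet), the class below runs the review as SOQL from Apex, for instance from Execute Anonymous or a scheduled job. The Profile.Permissions* fields and the LoginHistory and SetupAuditTrail objects are standard, but their availability depends on API version, so confirm them against yours; the "Download AppExchange packages" permission is left out because its API field name is not given here.

```apex
// Added example (not from the cheat sheet). Read-only: it only queries
// setup objects, so it can run under a reviewer's own profile if that
// profile can see users, login history and the audit trail.
public with sharing class OrgSecurityReview {

    // Profiles carrying any of the sensitive permissions listed above.
    public static List<Profile> sensitiveProfiles() {
        return [SELECT Id, Name, PermissionsAuthorApex, PermissionsCustomizeApplication,
                       PermissionsManageUsers, PermissionsModifyAllData,
                       PermissionsViewAllData, PermissionsPasswordNeverExpires
                FROM Profile
                WHERE PermissionsAuthorApex = true
                   OR PermissionsCustomizeApplication = true
                   OR PermissionsManageUsers = true
                   OR PermissionsModifyAllData = true
                   OR PermissionsViewAllData = true
                   OR PermissionsPasswordNeverExpires = true
                ORDER BY Name];
    }

    // Active users on those profiles: the people who actually hold the rights.
    public static List<User> usersWithSensitiveProfiles() {
        Set<Id> profileIds = new Map<Id, Profile>(sensitiveProfiles()).keySet();
        return [SELECT Id, Username, Profile.Name, LastLoginDate
                FROM User
                WHERE IsActive = true AND ProfileId IN :profileIds
                ORDER BY Profile.Name, Username];
    }

    // Failed logins in the last N hours, counted per source IP. Many failures
    // from one address across several usernames is the guessing pattern the
    // lockout policy above is meant to blunt; Login History is where it shows.
    public static Map<String, Integer> failedLoginsBySourceIp(Integer hours) {
        Datetime since = Datetime.now().addHours(-hours);
        Map<String, Integer> counts = new Map<String, Integer>();
        for (LoginHistory lh : [SELECT SourceIp FROM LoginHistory
                                WHERE LoginTime >= :since AND Status != 'Success']) {
            Integer n = counts.containsKey(lh.SourceIp) ? counts.get(lh.SourceIp) : 0;
            counts.put(lh.SourceIp, n + 1);
        }
        return counts;
    }

    // Setup changes in the last N hours from the Setup Audit Trail: who changed
    // what. A new Modify All Data grant or a relaxed session setting appears here.
    public static List<SetupAuditTrail> recentSetupChanges(Integer hours) {
        Datetime since = Datetime.now().addHours(-hours);
        return [SELECT CreatedDate, CreatedById, Section, Action, Display
                FROM SetupAuditTrail
                WHERE CreatedDate >= :since
                ORDER BY CreatedDate DESC];
    }
}
```

Running OrgSecurityReview.failedLoginsBySourceIp(24) and OrgSecurityReview.usersWithSensitiveProfiles() daily from a scheduled job, and diffing the results against the previous run, turns the two manual review items above into a standing check.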
Security Resources

Design
    Self Assessment Tool, Book Office Hours
Development
    Secure Coding Guidelines, Security Coding Library (ESAPI)
Testing
    Force.com Security Source Scanner, Web Application Security Scanner
Release
    AppExchange & OEM Security Review Process, Incident Response
11/8/10