Security for Salesforce Developers

At Salesforce, trust is our number one value. When you build apps on the Salesforce Platform, rest assured that they reside in a safe environment. However, as a Salesforce Developer, there are certain concepts and best practices that you need to know to avoid leaking data or introducing dangerous security vulnerabilities into your apps. Treat this blog post as a hub for resources on this important topic.


Lightning:container to the rescue

If you have been developing Lightning Components for a while, you have probably come up against the feared Locker Service. If you are aware of the Summer 18 Locker Service changes, you will know that, luckily, Locker Service restrictions have been relaxed. However, there are still some libraries that are considered unsafe and that cannot run within this context. For those cases, lightning:container comes to the rescue!


Become a Force.com Security Superman


Last week I had the pleasure of presenting at the French Touch Dreamin event. I gave a talk about Security, in which I explained some of the main things a developer has to take into account so that our Salesforce applications are secure. I explained how to take care of CRUD, FLS and sharing, and also of known important vulnerabilities such as XSS (cross-site scripting), CSRF (cross-site request forgery), open redirect or SOQL injection.


CRUD & FLS

This time I want to talk a bit about CRUD & FLS in Salesforce. What do these acronyms mean? Well… they are the way we have of allowing or restricting who can create, view, modify or delete objects and fields on the platform.

CRUD – Create / Read / Update / Delete

FLS – Field Level Security (visible, editable, hidden)

