Security

Overview
Protecting the privacy of customer data and maintaining trust are salesforce.com's core values. The Force.com platform has numerous built-in security features and protections, which can be utilized by our org administrators and developers. In addition, a number of free security resources are available to assist developers with the education, design, and development of their applications.

Security Cheat Sheet

ESAPI Functions (Force.com)

SFDCAccessController Class
ESAPI security library for Force.com, available at http://code.google.com/p/force-dot-com-esapi. Provides access control functionality to enforce CRUD/FLS and sharing in the Force.com platform.

    setSharingMode()        Configures the library to operate with sharing, without sharing, or to inherit sharing.
    setOperationMode()      Configures the library to require that all operations be successful, or to omit changes for which the user does not have access.
    insertAsUser()          Insert objects while respecting the user's access rights.
    updateAsUser()          Update objects while respecting the user's access rights.
    deleteAsUser()          Delete objects while respecting the user's access rights.
    getViewableFields()     Return a list of object fields that are viewable by the current user.
    getUpdateableFields()   Return a list of object fields that are updateable by the current user.
    getCreatableFields()    Return a list of object fields that are creatable by the current user.
    isAuthorizedToView()    Returns whether or not the current user is authorized to view a given list of fields of a given object.
    isAuthorizedToCreate()  Returns whether or not the current user is authorized to create a given list of fields of a given object.
    isAuthorizedToUpdate()  Returns whether or not the current user is authorized to update a given list of fields of a given object.
    isAuthorizedToDelete()  Returns whether or not the current user is authorized to delete a given object.

SFDCEncoder Class
Provides text escaping functions for Force.com.

    SFDC_JSENCODE        Escapes data for use in JavaScript quoted strings.
    SFDC_JSINHTMLENCODE  Escapes data for use in JavaScript quoted strings that will be used in HTML tags.
    SFDC_HTMLENCODE      Escapes data for use in HTML tags.
    SFDC_URLENCODE       Escapes data for use in URLs according to RFC 3986 syntax.

Sharing Keywords (Force.com)
Controls record-level security of data. These keywords are used in Apex class declarations.

    with sharing           Operate with the calling user's sharing rights. Recommended.
    without sharing        Operate without the calling user's sharing rights. Generally only recommended for classes doing reporting or data aggregation.
    <unspecified sharing>  Inherit sharing from the calling class. Not recommended for Visualforce controllers or Web services.

CRUD (Create, Read, Update, Delete) (Force.com)
Controls object-level security of data. These are standard sObject and field methods.

    isCreateable()  Returns true if instances of this object can be created by the current user, false otherwise.
    isAccessible()  Returns true if the current user can see instances of this object type, false otherwise.
    isUpdateable()  Returns true if instances of this object can be updated by the current user, false otherwise.
    isDeleteable()  Returns true if instances of this object can be deleted by the current user, false otherwise.

FLS (Field Level Security) Describe Calls (Force.com)
Controls access to object fields. These are standard sObject and field methods.

    isCreateable()  Returns true if the field can be created by the current user, false otherwise.
    isAccessible()  Returns true if the current user can see this field, false otherwise.
    isUpdateable()  Returns true if the field can be edited by the current user, false otherwise.
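The three layers above (sharing keyword, CRUD describe calls, FLS describe calls) put together in one controller, as an added example that is not code from the cheat sheet or the ESAPI project. The class name, the AccessDeniedException type and the ESAPI enum values SharingMode.WITH and OperationMode.ALL_OR_NONE are assumptions; only the method names come from the sheet.

```apex
// Added example, not code from the cheat sheet: a Visualforce controller that
// applies all three layers before writing a Contact record.
// Record level: "with sharing" keeps the calling user's sharing rules in force.
public with sharing class ContactPhoneController {

    public class AccessDeniedException extends Exception {}

    // Object level (CRUD) and field level (FLS) checks through describe calls.
    // Returns null when every check passes, otherwise a reason the caller can
    // surface, so the write is refused instead of silently running.
    public static String checkUpdateAccess(List<String> fieldNames) {
        Schema.DescribeSObjectResult objDesc = Contact.SObjectType.getDescribe();
        if (!objDesc.isAccessible() || !objDesc.isUpdateable()) {
            return 'Contact is not updateable by the current user';
        }
        Map<String, Schema.SObjectField> fieldMap = objDesc.fields.getMap();
        for (String f : fieldNames) {
            Schema.SObjectField token = fieldMap.get(f.toLowerCase());
            if (token == null || !token.getDescribe().isUpdateable()) {
                return 'Field ' + f + ' is not updateable by the current user';
            }
        }
        return null;
    }

    // Plain DML path: check first, then query and update. Because the class
    // runs with sharing, the SOQL throws rather than returning a record the
    // user is not allowed to see, so the update fails closed.
    public static void updatePhone(Id contactId, String newPhone) {
        String denied = checkUpdateAccess(new List<String>{ 'Phone' });
        if (denied != null) {
            throw new AccessDeniedException(denied);
        }
        Contact c = [SELECT Id, Phone FROM Contact WHERE Id = :contactId LIMIT 1];
        c.Phone = newPhone;
        update c;
    }

    // Same write through the ESAPI library: updateAsUser() performs the CRUD
    // and FLS checks itself and honours the configured sharing mode. The enum
    // values below are assumed from the library source, not from the sheet.
    public static void updatePhoneWithEsapi(Id contactId, String newPhone) {
        SFDCAccessController ac = ESAPI.accessController();
        ac.setSharingMode(SFDCAccessController.SharingMode.WITH);
        ac.setOperationMode(SFDCAccessController.OperationMode.ALL_OR_NONE);
        Contact c = [SELECT Id, Phone FROM Contact WHERE Id = :contactId LIMIT 1];
        c.Phone = newPhone;
        ac.updateAsUser(c, new List<String>{ 'Phone' });
    }
}
```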

Crypto Class (Force.com)
Provides standard algorithms for creating digests, message authentication codes, and signatures, as well as encrypting and decrypting information using AES. Encryption keys should be stored securely within a Protected Custom Setting.

    encrypt()               Encrypts the blob clearText using the specified algorithm, private key, and initialization vector. Use this method when you want to specify your own initialization vector.
    encryptWithManagedIV()  Encrypts the blob clearText using the specified algorithm and private key. Use this method when you want salesforce.com to generate the initialization vector for you.
    decrypt()               Decrypts the blob cipherText using the specified algorithm, private key, and initialization vector.
    decryptWithManagedIV()  Decrypts the blob IVAndCipherText using the specified algorithm and private key. Use this method to decrypt blobs encrypted using the encryptWithManagedIV() method.
    generateAesKey()        Generates an AES key of the specified size.
    generateDigest()        Computes a one-way hash digest based on the input string and algorithm.
    generateMac()           Computes a message authentication code (MAC) for the input string, using the private key and the specified algorithm.
    getRandomInteger()      Returns a random Integer.
    getRandomLong()         Returns a random Long.
    sign()                  Computes a unique digital signature for the input string, using the supplied private key and the specified algorithm.

Visualforce Escaping Functions (Force.com)
Server-side functions to escape data to prevent cross-site scripting.

Example:
    <html><head><title> {!HTMLENCODE($Request.title)} </title></head></html>

    JSENCODE        Escapes data for use in JavaScript quoted strings.
    JSINHTMLENCODE  Escapes data for use in JavaScript quoted strings that will be used in HTML tags.
    HTMLENCODE      Escapes data for use in HTML tags.
    URLENCODE       Escapes data for use in URLs according to RFC 3986 syntax.
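Choosing the escaping function by output context, as an added example that is not code from the cheat sheet or the ESAPI project: it uses the SFDCEncoder functions listed earlier through ESAPI.encoder(), which is assumed to be the library's entry point. The controller name, the getter names and the fallback input are constructed for this example.

```apex
// Added example, not code from the cheat sheet: a controller that hands the
// page a value already escaped for the context it will be placed in.
public with sharing class EscapingDemoController {

    public String rawName { get; private set; }

    public EscapingDemoController() {
        rawName = ApexPages.currentPage().getParameters().get('name');
        if (rawName == null) {
            rawName = 'O\'Neil <script>alert(1)</script>';   // constructed sample
        }
    }

    // Element text:  <h1>{!nameForHtml}</h1>
    public String getNameForHtml() {
        return ESAPI.encoder().SFDC_HTMLENCODE(rawName);
    }

    // Quoted string in a <script> block:  var n = '{!nameForJs}';
    public String getNameForJs() {
        return ESAPI.encoder().SFDC_JSENCODE(rawName);
    }

    // Quoted JS string inside an HTML attribute:  onclick="show('{!nameForJsInHtml}')"
    // The browser HTML-decodes the attribute before the JS engine parses the
    // string, so the value needs both escapings; this one function applies both.
    public String getNameForJsInHtml() {
        return ESAPI.encoder().SFDC_JSINHTMLENCODE(rawName);
    }

    // Query-string parameter:  <a href="/search?q={!nameForUrl}">
    public String getNameForUrl() {
        return ESAPI.encoder().SFDC_URLENCODE(rawName);
    }
}
```

Escape each output exactly once for its final context; where Visualforce already encodes an expression for HTML, do not pre-encode it again in the controller.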

http://developer.force.com

Custom Setting Methods
Special objects and field methods that support a protected mode for storing sensitive information like encryption keys.

    getAll()          Returns a map of the data sets defined for the custom setting. List custom settings only.
    getInstance()     Returns the lowest-level custom setting data set for the specified dataset name, user ID, Profile ID, or current user (depending on parameters and setting type). Identical to getValues() for List custom settings.
    getValues()       Returns only the custom setting data set for the specified dataset name, user ID, Profile ID, or current user (depending on parameters and setting type).
    getOrgDefaults()  Returns the custom setting data set for the organization. Hierarchy custom settings only.
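The Crypto Class section and the custom setting methods above, combined in one added example that is not code from the cheat sheet: an AES key kept in a protected hierarchy custom setting and read with getOrgDefaults(), used with encryptWithManagedIV()/decryptWithManagedIV(). The setting EncryptionKey__c, its field Key__c and the class name are invented for this example.

```apex
// Added example, not code from the cheat sheet. Assumes a protected hierarchy
// custom setting EncryptionKey__c with a text field Key__c holding the AES key
// in base64; both names are invented for this example.
public with sharing class SecretStore {

    private static final String ALG = 'AES256';

    // Read the org-wide key with getOrgDefaults(). On first use a 256-bit key
    // is generated by the platform and saved into the protected setting, so
    // the key never appears in source code or in an ordinary custom object.
    private static Blob getKey() {
        EncryptionKey__c s = EncryptionKey__c.getOrgDefaults();
        if (String.isBlank(s.Key__c)) {
            Blob key = Crypto.generateAesKey(256);
            s.Key__c = EncodingUtil.base64Encode(key);
            if (s.Id == null) {
                s.SetupOwnerId = UserInfo.getOrganizationId();  // org-level record
            }
            upsert s;
            return key;
        }
        return EncodingUtil.base64Decode(s.Key__c);
    }

    // Encrypt with a platform-managed IV: a fresh IV is generated per call and
    // prepended to the ciphertext, so equal inputs do not give equal output.
    public static String seal(String clearText) {
        Blob ivAndCipher = Crypto.encryptWithManagedIV(ALG, getKey(), Blob.valueOf(clearText));
        return EncodingUtil.base64Encode(ivAndCipher);
    }

    // Reverse of seal(). decryptWithManagedIV() must be paired with
    // encryptWithManagedIV(); decrypt() expects a separately supplied IV.
    public static String open(String sealed) {
        Blob ivAndCipher = EncodingUtil.base64Decode(sealed);
        return Crypto.decryptWithManagedIV(ALG, getKey(), ivAndCipher).toString();
    }
}
```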

Session Settings
Controls available for general session handling settings, including session timeout. These settings can be found under Setup | Security Controls | Session Settings.

    Timeout value
        Description: Idle session time before automatically logging the user out of Salesforce.
        Recommended: 30 minutes
    Disable session timeout warning popup
        Description: Disable the warning browser pop-up when a user is about to be logged out by the idle session timeout.
        Recommended: Yes
    Lock sessions to the IP address from which they originate
        Description: Force the user session to remain locked to the IP address from which the user authenticated. May impact AppExchange installations.
        Recommended: Yes (if possible)
    Require secure connections (https)
        Description: Require HTTPS on all page requests.
        Recommended: Yes
    Enable caching and autocomplete on login page
        Description: Allow the user's browser to store and autocomplete usernames or passwords after first login.
        Recommended: No

Password Policies
Controls available for enabling password restrictions and account lockout settings. These settings can be found under Setup | Security Controls | Password Policies.

    User passwords expire in
        Description: Frequency to automatically expire passwords.
        Recommended: 90 days
    Enforce password history
        Description: Number of previous passwords to save to prevent password re-use.
        Recommended: 5 passwords remembered
    Minimum password length
        Description: Minimum length of a password.
        Recommended: 8 characters
    Password complexity requirement
        Description: Controls whether the password contains a mix of letters and numbers.
        Recommended: Must mix alpha and numeric
    Password question requirement
        Description: Require the user's password hint to not contain the password.
        Recommended: Cannot contain password
    Maximum invalid login attempts
        Description: Number of invalid logins allowed before locking out the account.
    Lockout effective period
        Description: Length of time an account remains locked out.
        Recommended: 30 minutes

Auditing and Logging
Salesforce provides several types of audit logs for monitoring logins and changes to your organization.

    User Login History
        Description: All successful and failed login attempts are recorded and saved for 180 days.
        Location: Setup | Manage Users | Login History
    Setup Audit Trail
        Description: Every configuration (Setup) change is logged and archived for 180 days.
        Location: Setup | Security Controls | View Setup Audit Trail
    Object History Tracking
        Description: Selected standard and custom fields can be enabled to track the change history.
        Location: Setup | Customize | [object type] | Fields | Set History Tracking

Sensitive Permissions
When using profiles, we recommend reviewing profiles for these sensitive permissions. Permissions per profile can be viewed at Setup | Manage Users | Profiles.

    Author Apex                    Can modify and deploy Apex. By default, Apex code runs with full administrative privileges.
    Customize Application          Make configuration changes to the organizational settings.
    Download AppExchange packages  Install or uninstall packages from the AppExchange.
    Manage Users                   The ability to create or modify user accounts, including logins, sharing rules, and login restrictions.
    Modify All Data                Gives the user the ability to create, edit, or delete all data in Salesforce.
    Password Never Expires         Prevent the password from expiring.
    View All Data                  View all data owned by other users.

Login and Authentication Settings
Login and authentication features and restrictions. These settings should be enabled as appropriate for your company.

    IP Address Restrictions
        Description: User logins can be restricted to a specific IP address or a range of IP addresses.
        Location: Setup | Security Controls | Network Access (everyone); Setup | Manage Users | Profiles (individual profiles)
    Time of Day Restrictions
        Description: User logins can be restricted to specified times of the day.
        Location: Setup | Manage Users | Profiles
    Single Sign-On Options
        Description: Enable delegated authentication or federated authentication via SAML.
        Location: Delegated authentication: contact Support; Federated authentication: Setup | Security Controls | Single Sign-On Settings
For other cheatsheets: http://developer.force.com/cheatsheets

030712
