Tag Archives: Security

Adding Salesforce PIN Security To Native And Hybrid Mobile Apps

Security is perhaps the No.1 feature of Salesforce. Salesforce provides multiple layers of security at every level starting from servers to mobile SDKs. One such security feature is “PIN Security” feature. Enable it and it will force mobile (i.e. both Native or Hybrid SDK) users to set 4 to 8 digit passcode for their app. Once enabled, if the user switches to a different app and comes back after some specified time, the app will ask for the passcode! Sweet, isn’t it?

Even cooler part is that it’s built-in and with few simple configurations, your users are ready to use it. Let’s see how it works. Continue reading

Oct 19: Free Code Consultation Sign-ups for Cloudforce NY

Since the Code Consultations at Dreamforce ’12 were jam packed, I have decided to make the Code Consultations part of the Developer Zone at Cloudforce NY on October 19. The consultation will provide you help architecting or coding your application, as well as get technical help with building applications in the cloud. Reserve you private 1-on-1 code consultation with a Force.com expert.

Spots are going fast, so reserve now!… Continue reading

Schema Builder, Layouts and Field Level Security

Thanks to the updated Developer Console and Schema Builder’s new ability to manipulate the data structure directly, I’ve been spending a lot more time in my browser to build out applications.  There is one way Schema Builder currently behaves, however, that developers should be aware of when creating new objects and fields.

Currently the builder behaves in the same way that creating metadata via the Metadata API (the API currently used in the Force.com IDE) works – it doesn’t, by default, create and field level security settings.  The result is that, even as System Administrator you don’t see your… Continue reading

Using Keychain for Secure Text on OS X

I’ve been playing with using the Force.com Migration Tool with a TextMate bundle, ForceDotBundle for a bit now (and yes, a full blog post on that bundle is forthcoming).  However, I had one concern with the approach.  Every project I created needed a build.properties file, which in turn needed to have the username and password in clear text on the filesystem.  I sometimes juggle a lot of different projects for short periods of time, so the possibility of simply having old passwords scattered around was quite real.  Also, I have this tendency to display code on large monitors in front of… Continue reading

Winter ’12: Efficient, Manageable Security Policies with Permission Sets


Profiles are the foundation of any Database.com or Force.com security policy implementation. With the Winter ’12 release, permission sets now complement profiles, letting you more efficiently implement and manage your organization’s security policy. Read on for a quick primer on perm sets.

A Quick Review of Access Controls

The profile that you assign to a user controls basic things like when the user can log in, from where, and among other things, which database objects and fields a user can access. After that, object-specific features such as organization-wide record sharing models, role hierarchies, groups, and sharing rules determine… Continue reading

Let There Be Light

With the Winter Release ’12 of Database.com comes the general availability of a “Light” user license. What is a Database.com Light license? For those new to Database.com, perhaps this question is best answered in the broader context of Database.com security.

When you configure a Database.com security policy, you’ll start by building user profiles. The available permissions you can configure for a profile depend on the user license you associate with the profile.

For example, system administrator profiles use the Database.com Admin license, the only type of license that provides access to powerful, system-level access controls. Non-administrator profiles use… Continue reading

Generating valid self signed certificates for localhost development


Recently upgraded your Ruby version and had troubles with your self-signed certs, or looking for some simple instructions on creating valid self signed certificates for localhost development? Here are a few tips to get you up and running again. Continue reading

Rails 3: which strategy for authenticating to Force.com is the best for me?


There has been some recent discussions on the activesalesforce Google groups about the best options for authenticating against the Force.com database for building apps. Here are a few thoughts based on the major user stories I see, and how to approach them Continue reading

Connecting Google App Engine and Salesforce.com with oAuth


Community member Jeff Douglas recently contributed a great new project to Code Share. The Force.com oAuth project provides a sample Java webapp deployed in Google App Engine which uses oAuth to connect to Salesforce.com Continue reading

The Chatter Evolution

Week 1 of the Chatter Dev Zone is drawing to a close. I have seen the conversations shift from general social chit-chat, to ideas exchange, and real collaboration. Now it is time to start understanding the power of Chatter through what makes it different from many of the analogies people have drawn between it, and other social networking sites. Continue reading