The power of Sites is the ability to publicly expose Salesforce data to the world. In another post on the marketing blog, I showed one application of Sites for event registration forms which eliminates Lead duplicates & prevents prospects from having to retype their information. While Sites is secure and battle tested, if you expose Salesforce data using the typical URL syntax of:
a hacker could start guessing other IDs and either scrape information you show on the form for those IDs, or do any actions on those forms intended for your prospects and customers such as create bad event registrations or download white papers.
This article picks up where Ron’s article on creating encrypted text fields left off.
As Ron mentioned, a secure way to handle this problem is to use an encrypted key in addition to the object ID as URL variables, and here I’ll show a straightforward way to do that. Using both a key & the ID helps protect against poorly randomized keys by increasing the length of the text that needs to match.
The steps to create encrypted access to public Sites forms:
1) Create a working Sites webform with all the proper security access settings
2) Create a custom field that serves as the encrypted key, and create a trigger to populate that field
3) Add a method to your controller to redirect the page if the ID and Key don’t match
4) Modify your Visualforce page to call this Apex function upon load
5) Modify your Email Template links to point to the page using both the encrypted key and the campaign member ID
1) Create working Sites form
This post will give you a great head start on getting a Sites webform up & running.
2) Create a custom field & trigger to populate the encrypted key
Next create a custom field called “EncryptedKey__c” and use a trigger to update it. The custom field should be either missing from page layouts or read only to prevent changes. This article has more background on how to make the trigger. A trigger example for Campaign Member might look something like this:
3) Add a method to your controller to redirect the page if the ID and Key don’t match
The Apex controller changes are actually pretty small. Here I’ve created a page reference method called “checkEncryptionKey”, which grabs the key from the URL using getParameters, and queries SFDC for the record with that key if found.
4) Modify your Visualforce page to call this Apex function upon load
Modifying the VF page is almost trivial, adding the action to the page tag:
Before
After
5) Modify your Email Template links to point to the page using both the encrypted key and the campaign member ID
Finally, change your email template link to point to your landing page using the new encrypted key instead of the campaign member ID. See this post for more information on how to include links in email templates.
For the test example that points to the internal VF page, we’ll use URL in the email template to pass the key to your registration page:
A public sites page link would look something closer to this:
That’s it! Now every new campaign member you create will have the encrypted key created by the trigger and your pages will be secure. This is not the only way, nor necessarily the best way to secure sites pages, but should work well against most threats.