Storing Sensitive Data Insecurely

Follow enterprise security standards when you export data from the Salesforce Platform and when you store secret data in the platform.

Insecurely stored sensitive data gives hackers many avenues of attack. For example, an API key is supposed to be known only to the org administrator. Hackers can use an exposed key to communicate data over admin channels to remote endpoints.

Salesforce takes threats to data that originate in your solution seriously. A data breach or loss caused by a vulnerability in your solution jeopardizes your relationship with Salesforce.

Follow the enterprise standards in Storing Sensitive Data when:
  • Exporting customer data from the Salesforce platform.
  • Storing secrets such as cryptographic keys, session IDs, or passwords in the Salesforce Platform.

Metadata Example

The metadata in this example represents a custom object. This custom object definition isn’t secure because the <visibility> tag for the API key field is set to Public. The field can be viewed in plain text.
<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
    <fields>
        <fullName>apiKey__c</fullName>
        <externalId>false</externalId>
        <fieldManageability>DeveloperControlled</fieldManageability>
        <label>apiKey</label>
        <length>50</length>
        <required>false</required>
        <type>Text</type>
        <unique>false</unique>
    </fields>
    <label>Phone Verify Setting</label>
    <pluralLabel>Phone Verify Settings</pluralLabel>
    <visibility>Public</visibility>
</CustomObject>

When storing a secret in a custom object, such as an API key, encrypt it. Store the encryption key separately in a protected custom setting or a protected custom metadata API field.
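
A pre-release check for the pattern shown in the metadata example, written as an added example (not Salesforce code): it parses an object definition and reports plaintext fields with secret-looking names when the object's <visibility> is Public or missing. The name pattern, the list of plaintext field types, and the function name are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Assumption: field names matching this pattern are treated as likely secrets.
SECRET_NAME = re.compile(r"api_?key|secret|token|passw|session_?id|private_?key", re.I)
# Field types that keep the stored value readable as plain text.
PLAINTEXT_TYPES = {"Text", "TextArea", "LongTextArea"}

def find_exposed_secret_fields(xml_text):
    """Return one finding per secret-looking plaintext field in an exposed object."""
    root = ET.fromstring(xml_text)
    # A missing <visibility> tag is reported as "unset" so a reviewer checks it by hand.
    visibility = root.findtext("md:visibility", default="unset", namespaces=NS).strip()
    findings = []
    for field in root.findall("md:fields", NS):
        name = field.findtext("md:fullName", default="", namespaces=NS).strip()
        ftype = field.findtext("md:type", default="", namespaces=NS).strip()
        if not SECRET_NAME.search(name):
            continue  # name does not look like a secret
        if ftype in PLAINTEXT_TYPES and visibility in ("Public", "unset"):
            findings.append({"field": name, "type": ftype, "visibility": visibility})
    return findings

# Constructed sample: the object from the page plus one non-secret field.
SAMPLE_PUBLIC = """<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
    <fields>
        <fullName>apiKey__c</fullName>
        <label>apiKey</label>
        <length>50</length>
        <type>Text</type>
    </fields>
    <fields>
        <fullName>displayName__c</fullName>
        <type>Text</type>
    </fields>
    <label>Phone Verify Setting</label>
    <visibility>Public</visibility>
</CustomObject>"""
# Constructed variants: same object marked Protected, and with the tag removed.
SAMPLE_PROTECTED = SAMPLE_PUBLIC.replace(">Public<", ">Protected<")
SAMPLE_UNSET = SAMPLE_PUBLIC.replace("<visibility>Public</visibility>", "")

if __name__ == "__main__":
    for finding in find_exposed_secret_fields(SAMPLE_PUBLIC):
        print("REVIEW: {field} ({type}) on object with visibility={visibility}".format(**finding))
```

A finding means the field needs review against the guidance above; a clean result does not prove a value is encrypted, because the check only looks at names, types, and visibility.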