Security
Security Cheat Sheet
Overview
Protecting the privacy of customer data and maintaining trust are salesforce.com's core values. The Force.com platform has numerous built-in security features and protections that org administrators and developers can use. In addition, a number of free security resources are available to help developers with education, design and development of their applications.

ESAPI Functions – Force.com
ESAPI security library for Force.com, available at http://code.google.com/p/force-dot-com-esapi.

SFDCAccessController Class
Provides access control functionality to enforce CRUD/FLS and sharing in the Force.com platform. Use it for DML in place of raw insert/update/delete statements, which Apex executes in system mode without any CRUD or FLS check.
setSharingMode()
Configures the library to operate with sharing, without sharing, or to inherit sharing.
setOperationMode()
Configures the library either to require that every operation succeed (a field the user cannot access fails the whole operation) or to silently omit changes to fields the user cannot access.
insertAsUser()
Insert objects while respecting the user's access rights.
updateAsUser()
Update objects while respecting the user's access rights.
deleteAsUser()
Delete objects while respecting the user's access rights.
getViewableFields()
Return a list of object fields that are viewable by the current user.
getUpdateableFields()
Return a list of object fields that are updateable by the current user.
getCreatableFields()
Return a list of object fields that are creatable by the current user.

Sharing Keywords – Force.com
Controls record-level security of data. The keyword on a class declaration decides whether SOQL queries and DML in that class honor the running user's organization-wide defaults, role hierarchy and sharing rules.
with sharing
Operate with the calling user's sharing rights. Recommended.
without sharing
Operate without the calling user's sharing rights. Generally only recommended for classes doing reporting or data aggregation.
(no sharing keyword)
Inherit sharing from the calling class. Not recommended for Visualforce controllers or web services: when such a class is itself the entry point there is no caller to inherit from and it runs without sharing.
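The effect of the three sharing modes, plus the ESAPI access controller, as an added Apex example that is not part of the cheat sheet or of the ESAPI project. It uses only standard Opportunity and Lead fields; each top-level class goes in its own Apex class file. The SharingMode/OperationMode enum values and the insertAsUser(SObject, List<String>) parameter list are as documented by the ESAPI library at the time and should be confirmed against the version you install.

```apex
// Which records a SOQL query returns depends on the sharing keyword of the class
// the query runs in, not on who wrote the query.

// with sharing: sees only Opportunities the running user can see under org-wide
// defaults, the role hierarchy and sharing rules. Use for anything that hands
// records back to a user.
public with sharing class MyOpportunities {
    public static List<Opportunity> visibleToMe() {
        return [SELECT Id, Name, Amount FROM Opportunity ORDER BY Amount DESC LIMIT 50];
    }
}

// without sharing: the same object, but every record in the org. Acceptable for
// aggregation only because a single total leaves the class, never the records.
// Keep such classes small and never let user input steer what they query.
public without sharing class PipelineTotals {
    public static Decimal openPipeline() {
        AggregateResult r = [SELECT SUM(Amount) total FROM Opportunity WHERE IsClosed = false];
        Decimal total = (Decimal) r.get('total');
        return total == null ? 0 : total;
    }
}

// No keyword: inherits the mode of its caller. Called from MyOpportunities it
// runs with sharing; called from PipelineTotals, without. Used directly as a
// Visualforce controller it has no caller and runs without sharing, which is why
// controllers should always carry an explicit keyword.
public class OpportunityLookup {
    public static Opportunity byId(Id oppId) {
        List<Opportunity> rows = [SELECT Id, Name, Amount FROM Opportunity WHERE Id = :oppId];
        return rows.isEmpty() ? null : rows[0];
    }
}

// ESAPI: DML that respects sharing and CRUD/FLS for the running user.
// A plain `insert l;` would succeed in system mode even for a user whose
// profile cannot create Leads or cannot set the Company field.
public with sharing class LeadIntake {
    public static Lead create(String company, String lastName) {
        SFDCAccessController ac = ESAPI.accessController();
        ac.setSharingMode(SFDCAccessController.SharingMode.WITH);
        // ALL_OR_NONE: throw if any listed field is not creatable for this user,
        // instead of silently dropping it (the BEST_EFFORT mode).
        ac.setOperationMode(SFDCAccessController.OperationMode.ALL_OR_NONE);
        Lead l = new Lead(Company = company, LastName = lastName);
        ac.insertAsUser(l, new List<String>{ 'Company', 'LastName' });
        return l;
    }
}
```

To see the difference, log in as a user who owns no Opportunities and whose profile has Opportunity OWD set to Private: MyOpportunities.visibleToMe() returns an empty list while PipelineTotals.openPipeline() still returns the org-wide sum.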
SFDCEncoder Class
Provides text escaping functions for Force.com. Use these when a controller assembles HTML, JavaScript or URL fragments that the page renders without Visualforce's default escaping; for values rendered through merge fields, use the Visualforce escaping functions instead.
SFDC_HTMLENCODE
Escapes data for use in HTML tags.
SFDC_JSENCODE
Escapes data for use in JavaScript quoted strings.
SFDC_JSINHTMLENCODE
Escapes data for use in JavaScript quoted strings that will be used in HTML tags (for example an onclick attribute), applying both JavaScript and HTML escaping.
SFDC_URLENCODE
Escapes data for use in URLs according to RFC 3986 syntax.

CRUD (Create, Read, Update, Delete) – Force.com
Controls object-level security of data. These are methods of Schema.DescribeSObjectResult. Apex does not enforce CRUD on SOQL or DML; call the check before the operation and refuse what the user is not allowed to do.
isCreateable()
Returns true if instances of this object can be created by the current user, false otherwise.
isAccessible()
Returns true if the current user can see instances of this object type, false otherwise.
isUpdateable()
Returns true if instances of this object can be updated by the current user, false otherwise.
isDeleteable()
Returns true if instances of this object can be deleted by the current user, false otherwise.
FLS (Field Level Security) Describe Calls – Force.com
Controls access to object fields. These are methods of Schema.DescribeFieldResult, reached through the object's describe result (for example Schema.SObjectType.Contact.fields.Email). As with CRUD, Apex does not enforce FLS on its own; check before reading a field into a page or writing it in DML.
isCreateable()
Returns true if the field can be set by the current user when a record is created, false otherwise.
isAccessible()
Returns true if the current user can see this field, false otherwise.
isUpdateable()
Returns true if the field can be edited by the current user, false otherwise.

Crypto Library – Force.com
Provides standard algorithms for creating digests, message authentication codes and signatures, as well as encrypting and decrypting information using AES (the Apex Crypto class). The key argument is named privateKey throughout the API; for the AES methods it is the symmetric key. Encryption keys should be stored securely within a Protected Custom Setting, never as a literal in Apex code.
encrypt()
Encrypts the blob clearText using the specified algorithm, key, and initialization vector. Use this method when you want to specify your own initialization vector; the IV must be 16 bytes and must not be reused with the same key.
encryptWithManagedIV()
Encrypts the blob clearText using the specified algorithm and key. Use this method when you want salesforce.com to generate a random initialization vector for you; it is returned prepended to the ciphertext.
decrypt()
Decrypts the blob cipherText using the specified algorithm, key, and initialization vector.
decryptWithManagedIV()
Decrypts the blob IVAndCipherText using the specified algorithm and key. Use this method to decrypt blobs produced by encryptWithManagedIV, which carries the IV in its first 16 bytes.
generateAesKey()
Generates an AES key of the specified size (128, 192 or 256 bits).
generateDigest()
Computes a one-way hash digest of the input blob using the specified algorithm.
generateMac()
Computes a message authentication code (MAC) for the input blob, using the key and the specified HMAC algorithm. Use it to detect tampering; a plain digest gives no such guarantee, since anyone can recompute it.
getRandomInteger()
Returns a random Integer.
getRandomLong()
Returns a random Long.
sign()
Computes a digital signature for the input blob, using the supplied private key and the specified algorithm.

Visualforce Escaping Functions – Force.com
Server-side functions that escape data to prevent cross-site scripting. Visualforce HTML-escapes ordinary merge fields by default; these functions are needed when a value is placed in a JavaScript string, an event-handler attribute or a URL, or when a component is rendered with escape="false". Example: {!HTMLENCODE($Request.title)}
HTMLENCODE
Escapes data for use in HTML tags.
JSENCODE
Escapes data for use in JavaScript quoted strings.
JSINHTMLENCODE
Escapes data for use in JavaScript quoted strings that will be used in HTML tags, such as an onclick attribute.
URLENCODE
Escapes data for use in URLs according to RFC 3986 syntax.
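The CRUD and FLS describe calls and the encoder functions above, combined in one added Apex example that is not part of the cheat sheet or of the ESAPI project. It uses the standard Contact object and fields so it compiles in any org; the Visualforce markup that would call it is described in comments. The unsafe variant is kept beside the guarded one for contrast.

```apex
// A Visualforce controller that loads and saves a Contact without relying on
// Apex's system-mode access. Standard Contact fields only.
public with sharing class ContactEditController {

    // The only fields this page may touch. Field names never come from the request.
    private static final List<String> PAGE_FIELDS = new List<String>{ 'LastName', 'Email', 'Phone' };

    // UNSAFE (for contrast): returns every field whatever the user's profile says,
    // because SOQL in Apex performs no CRUD or FLS check.
    public static Contact loadUnsafe(Id contactId) {
        return [SELECT Id, LastName, Email, Phone FROM Contact WHERE Id = :contactId];
    }

    // GUARDED: object-level check, then per-field check, then a query built only
    // from fields the user can read. The Id is a bind variable, never concatenated.
    public static Contact loadGuarded(Id contactId) {
        Schema.DescribeSObjectResult d = Schema.SObjectType.Contact;
        if (!d.isAccessible()) {
            throw new System.NoAccessException();
        }
        Map<String, Schema.SObjectField> fields = d.fields.getMap();
        List<String> readable = new List<String>();
        for (String f : PAGE_FIELDS) {
            if (fields.get(f.toLowerCase()).getDescribe().isAccessible()) {
                readable.add(f);
            }
        }
        if (readable.isEmpty()) {
            throw new System.NoAccessException();
        }
        String soql = 'SELECT Id, ' + String.join(readable, ', ')
                    + ' FROM Contact WHERE Id = :contactId';
        List<Contact> rows = Database.query(soql);
        return rows.isEmpty() ? null : rows[0];
    }

    // GUARDED save: refuse if the user cannot update Contacts at all; otherwise
    // copy only the allow-listed fields the user may edit into a fresh record.
    // Extra keys in `changes` (a tampered request) are ignored, and a field the
    // page showed read-only is never written.
    public static void saveGuarded(Id contactId, Map<String, Object> changes) {
        Schema.DescribeSObjectResult d = Schema.SObjectType.Contact;
        if (!d.isUpdateable()) {
            throw new System.NoAccessException();
        }
        Map<String, Schema.SObjectField> fields = d.fields.getMap();
        Contact patch = new Contact(Id = contactId);
        for (String f : PAGE_FIELDS) {
            if (changes.containsKey(f) && fields.get(f.toLowerCase()).getDescribe().isUpdateable()) {
                patch.put(f, changes.get(f));
            }
        }
        update patch;
    }

    // Output encoding. A plain {!c.LastName} merge field is HTML-escaped by
    // Visualforce already; only markup the controller assembles itself, rendered
    // with <apex:outputText value="{!resultRow}" escape="false"/>, needs
    // SFDC_HTMLENCODE. A value dropped into a <script> string or an onclick
    // attribute should use the page-side JSENCODE / JSINHTMLENCODE instead.
    public static String resultRow(Contact c) {
        return '<li><a href="/' + c.Id + '">'
             + ESAPI.encoder().SFDC_HTMLENCODE(c.LastName)
             + '</a></li>';
    }
}
```

The describe checks are cheap and cached per transaction, so there is no reason to skip them; the cost of omitting them is a page that shows or writes fields the admin believed were hidden by FLS.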
http://developer.force.com
Session Settings
Controls available for general session handling settings, including session timeout. These settings can be found under Setup | Security Controls | Session Settings.
Timeout value
  Idle session time after which the user is automatically logged out of Salesforce.
  Recommended: 30 minutes
Disable session timeout warning popup
  Disable the browser pop-up that warns a user about to be logged out by the idle session timeout.
  Recommended: Yes
Lock sessions to the IP address from which they originate
  Force the user session to remain locked to the IP address from which the user authenticated, so a stolen session ID cannot be replayed from elsewhere. May impact AppExchange installations.
  Recommended: Yes (if possible)
Require secure connections (https)
  Require HTTPS on all page requests.
  Recommended: Yes
Enable caching and autocomplete on login page
  Allow the user's browser to store and autocomplete usernames or passwords after first login.
  Recommended: No

Custom Setting Methods
Special objects that support a "protected" mode for storing sensitive information like encryption keys. When it is part of a managed package, a Protected custom setting is readable only by Apex in that package's namespace, not by the subscriber org's users, Setup UI or API.
getAll()
Returns a map of the data sets defined for the custom setting. List custom settings only.
getInstance()
Returns the "lowest level" custom setting data set for the specified dataset name, user ID, profile ID, or current user (depending on parameters and setting type), merged with the levels above it. Identical to getValues() for List custom settings.
getValues()
Returns only the custom setting data set for the specified dataset name, user ID, profile ID, or current user (depending on parameters and setting type), without merging higher levels of the hierarchy.
getOrgDefaults()
Returns the custom setting data set for the organization. Hierarchy custom settings only.
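The Crypto Library and Custom Setting Methods sections above, as one added Apex example that is not part of the cheat sheet. It assumes a Protected hierarchy custom setting named Crypto_Key__c with a text field Key__c (both hypothetical names) whose org default holds a base64-encoded AES-256 key; the Crypto and EncodingUtil calls are the platform's own.

```apex
// Field-level encryption and an HMAC integrity tag, with the key held in a
// Protected custom setting rather than in source.
public with sharing class FieldCrypto {

    public class CryptoKeyException extends Exception {}

    // Run once from anonymous Apex, paste the result into Crypto_Key__c.Key__c,
    // and never log it. Generating a key per call would make old data undecryptable.
    public static String newKeyBase64() {
        return EncodingUtil.base64Encode(Crypto.generateAesKey(256));
    }

    // WRONG: a key literal ends up in every sandbox, package and version-control
    // history, and is visible to anyone with Author Apex.
    // private static final Blob KEY = Blob.valueOf('0123456789abcdef0123456789abcdef');

    private static Blob key() {
        // Assumed setting: Crypto_Key__c (Protected, hierarchy), field Key__c.
        Crypto_Key__c s = Crypto_Key__c.getOrgDefaults();
        if (s == null || String.isBlank(s.Key__c)) {
            throw new CryptoKeyException('Crypto_Key__c org default is not configured');
        }
        return EncodingUtil.base64Decode(s.Key__c);
    }

    // Returns base64(IV || ciphertext). The platform draws a fresh random IV per
    // call and prepends it, so equal plaintexts give different outputs. With
    // Crypto.encrypt() you would have to supply a 16-byte IV yourself and never
    // reuse one with this key.
    public static String encryptText(String clearText) {
        Blob out = Crypto.encryptWithManagedIV('AES256', key(), Blob.valueOf(clearText));
        return EncodingUtil.base64Encode(out);
    }

    public static String decryptText(String base64IvAndCipher) {
        Blob clear = Crypto.decryptWithManagedIV('AES256', key(),
                                                 EncodingUtil.base64Decode(base64IvAndCipher));
        return clear.toString();
    }

    // Integrity tag for a value stored or transmitted in the clear, e.g. a
    // parameter on a callback URL. The same key is reused here for brevity;
    // use a separate MAC key in production.
    public static String tag(String value) {
        Blob mac = Crypto.generateMac('hmacSHA256', Blob.valueOf(value), key());
        return EncodingUtil.base64Encode(mac);
    }

    // Apex's == on Strings is case-insensitive, which would accept a tag that
    // differs only in case; equals() is case-sensitive. Neither is constant-time,
    // Apex provides no such comparison.
    public static Boolean verifyTag(String value, String tagBase64) {
        return tagBase64 != null && tag(value).equals(tagBase64);
    }
}
```

Round trip: FieldCrypto.decryptText(FieldCrypto.encryptText('4111...')) returns the original string, and FieldCrypto.verifyTag('order=42', FieldCrypto.tag('order=42')) returns true while any edit to the value or the tag returns false.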
Password Policies
Controls available for enabling password restrictions and account lockout settings. These settings can be found under Setup | Security Controls | Password Policies.
User passwords expire in
  How often passwords are automatically expired.
  Recommended: 90 days
Enforce password history
  How many previous passwords to remember to prevent password re-use.
  Recommended: 5 passwords remembered
Minimum password length
  Minimum length of a password.
  Recommended: 8 characters
Password complexity requirement
  Whether the password must contain a mix of letters and numbers.
  Recommended: Must mix alpha and numeric
Password question requirement
  Require that the user's password hint does not contain the password.
  Recommended: Cannot contain password
Maximum invalid login attempts
  How many invalid logins are allowed before the account is locked out.
  Recommended: 5
Lockout effective period
  How long an account remains locked out.
  Recommended: 30 minutes

Auditing and Logging
Salesforce provides several types of audit logs for monitoring logins and changes to your organization.
User Login History
  All successful and failed login attempts are recorded and retained for 180 days.
  Location: Setup | Manage Users | Login History
Setup Audit Trail
  Every configuration (Setup) change is logged and retained for 180 days.
  Location: Setup | Security Controls | View Setup Audit Trail
Object History Tracking
  Selected standard and custom fields can be enabled to track their change history.
  Location: Setup | Customize | [object type] | Fields | Set History Tracking

Login and Authentication Settings
Login and authentication features and restrictions. Enable these as appropriate for your company.
IP Address Restrictions
  User logins can be restricted to a specific IP address or a range of IP addresses.
  Location: Setup | Security Controls | Network Access (everyone); Setup | Manage Users | Profiles (individual profiles)
Time of Day Restrictions
  User logins can be restricted to specified times of the day.
  Location: Setup | Manage Users | Profiles
Single Sign-On Options
  Enable delegated authentication or federated authentication via SAML.
  Location: Delegated Authentication: contact Support; Federated Authentication: Setup | Security Controls | Single Sign-On Settings

Sensitive Permissions
When using profiles, review each profile for the following sensitive permissions; each of them lets a user bypass the data or configuration controls above. Permissions per profile can be viewed at Setup | Manage Users | Profiles.
Author Apex
  Can modify and deploy Apex. Apex runs in system context: it ignores CRUD and FLS, and ignores sharing unless the class is declared with sharing, so this permission amounts to full data access.
Customize Application
  Make configuration changes to the organizational settings.
Download AppExchange packages
  Install or uninstall packages from the AppExchange.
Manage Users
  Create or modify user accounts, including logins, sharing rules, and login restrictions.
Modify All Data
  Create, edit, or delete all data in Salesforce, regardless of sharing.
Password Never Expires
  Prevent the user's password from expiring.
View All Data
  View all data owned by other users, regardless of sharing.
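A review of the Auditing and Logging data and the Sensitive Permissions list above, as an added Apex example that is not part of the cheat sheet. LoginHistory and Profile are standard objects and the field names are theirs; the 24-hour window, the threshold of five failures and the set of permissions queried are assumptions. Run it from anonymous Apex as a user who is allowed to query LoginHistory (normally one with Manage Users).

```apex
// Two review queries: who is failing to log in repeatedly, and which profiles
// hold permissions that bypass the controls in this cheat sheet.
public with sharing class SecurityReview {

    // Users with more than `threshold` failed logins in the last `hours`.
    // LoginHistory.Status is 'Success' for a good login and a failure reason
    // such as 'Invalid Password' otherwise; anything that is not 'Success' counts.
    public static Map<Id, Integer> failedLoginsByUser(Integer hours, Integer threshold) {
        Datetime since = Datetime.now().addHours(-hours);
        Map<Id, Integer> failures = new Map<Id, Integer>();
        for (LoginHistory lh : [SELECT UserId, Status
                                FROM LoginHistory
                                WHERE LoginTime >= :since
                                LIMIT 10000]) {
            if (lh.Status == 'Success') {
                continue;
            }
            Integer n = failures.containsKey(lh.UserId) ? failures.get(lh.UserId) : 0;
            failures.put(lh.UserId, n + 1);
        }
        Map<Id, Integer> flagged = new Map<Id, Integer>();
        for (Id userId : failures.keySet()) {
            if (failures.get(userId) > threshold) {
                flagged.put(userId, failures.get(userId));
            }
        }
        return flagged;
    }

    // Profiles granting any of the sensitive permissions. Compare the list with
    // the short list of people who are supposed to have each one; with
    // Author Apex or Modify All Data the profile's other restrictions are moot.
    public static List<Profile> profilesWithSensitivePermissions() {
        return [SELECT Id, Name,
                       PermissionsModifyAllData, PermissionsViewAllData,
                       PermissionsAuthorApex, PermissionsCustomizeApplication,
                       PermissionsManageUsers, PermissionsPasswordNeverExpires
                FROM Profile
                WHERE PermissionsModifyAllData = true
                   OR PermissionsViewAllData = true
                   OR PermissionsAuthorApex = true
                   OR PermissionsCustomizeApplication = true
                   OR PermissionsManageUsers = true
                   OR PermissionsPasswordNeverExpires = true];
    }

    // Convenience entry point for anonymous Apex or a scheduled job.
    public static void run() {
        for (Id userId : failedLoginsByUser(24, 5).keySet()) {
            System.debug('Repeated failed logins for user ' + userId);
        }
        for (Profile p : profilesWithSensitivePermissions()) {
            System.debug('Sensitive permissions on profile ' + p.Name);
        }
    }
}
```

Setup Audit Trail is exposed to SOQL as the SetupAuditTrail object and can be reviewed the same way; the lockout settings above stop password guessing on a single account, but a spread of failures across many users in the first query is the pattern those settings do not catch.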
For other cheatsheets: http://developer.force.com/cheatsheets
08/2011