Security Boundaries in Apex
Dan Appleman
CTO, Full Circle CRM, Author of “Advanced Apex Programming”
@danappleman
Slide 2
Safe Harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Slide 3
What is a security boundary?
Slide 4
What is security?
• A list of things that you can do?
Slide 5
What is security?
• A list of things that you can’t do?
Slides 6-7
Security Boundary
• The time and place where a security decision is made
• Decisions such as:
  • Verify identity (authentication)
  • Grant/Block permission (authorization)
Slides 8-9
Vacation Photos
Slide 10
Authentication on the Salesforce Platform
Slide 11
Authorization on the Salesforce Platform
• Stops you from:
  • Accessing records – record-level sharing (what the deck calls “role based security”: org-wide defaults, role hierarchy, sharing rules)
  • Accessing objects – CRUD (create/read/update/delete)
  • Accessing object fields – FLS (field level security)
Slide 12
Security Boundary on the Salesforce Platform
• For declarative developers – it’s the user interface
Slide 13
Security Boundaries with Apex
• Role based (record-level sharing) security
  Database  --SOQL-->  Apex Code
  The boundary is the SOQL query itself, and sharing is applied to it only when the query runs in code declared “with sharing”; a query that runs without sharing returns every record regardless of who the running user is.
Slides 14-15
Security Boundaries with Apex
• CRUD and FLS
  Apex Code  -->  Standard object controllers (Visualforce) only
  SOQL and DML in Apex do not enforce object-level CRUD or field-level security by default; the only place the platform enforces them for you is the standard controllers in Visualforce. Once a request is handled by your own Apex, the check is yours to make.
• CRUD and FLS – what you’re “supposed” to do in Apex code:

```apex
// Every time you access/update a field
if (Schema.sObjectType.Contact.fields.Email.isUpdateable()) {
    // ... the running user may write Contact.Email, do the update here
}
// Every time you access/delete an object
if (Schema.sObjectType.Contact.isDeletable()) {
    // ... the running user may delete Contacts, do the delete here
}
```
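The two checks above guard one field and one object each. As an added example, not code from the deck, here are the same describe calls applied to every populated field of a record before DML, in the shape a practitioner would drop into a controller. The class name SecurityBoundary and the AccessException type are assumptions of this example; Contact and Email are the deck’s own names.

```apex
// Added example, not code from the original deck. Applies the describe-call
// checks from the slide to every populated field of a record before DML.
// The class name SecurityBoundary and the AccessException type are
// assumptions of this example; Contact and Email are the deck's own names.
public with sharing class SecurityBoundary {

    public class AccessException extends Exception {}

    // Object-level CRUD plus field-level security for an update.
    // Apex DML does not perform either check; this is the decision the
    // standard controllers would have made for you in Visualforce.
    public static void enforceUpdate(List<SObject> records) {
        if (records == null || records.isEmpty()) return;

        Schema.DescribeSObjectResult objDesc =
            records[0].getSObjectType().getDescribe();
        if (!objDesc.isUpdateable()) {
            throw new AccessException('Object not updateable: ' + objDesc.getName());
        }

        // fields.getMap() is keyed by lower-case API name; populated-field
        // names come back in schema case, so normalise before the lookup.
        Map<String, Schema.SObjectField> fieldMap = objDesc.fields.getMap();
        for (SObject rec : records) {
            for (String fieldName : rec.getPopulatedFieldsAsMap().keySet()) {
                if (fieldName == 'Id') continue;   // needed to target the row, never "updated"
                Schema.SObjectField token = fieldMap.get(fieldName.toLowerCase());
                if (token == null) continue;       // relationship or alias, not a writable field
                if (!token.getDescribe().isUpdateable()) {
                    throw new AccessException('Field not updateable for this user: '
                        + objDesc.getName() + '.' + fieldName);
                }
            }
        }
    }

    // Delete is an object-level decision only; there is no per-field check.
    public static void enforceDelete(List<SObject> records) {
        if (records == null || records.isEmpty()) return;
        Schema.DescribeSObjectResult objDesc =
            records[0].getSObjectType().getDescribe();
        if (!objDesc.isDeletable()) {
            throw new AccessException('Object not deletable: ' + objDesc.getName());
        }
    }

    // The deck's Contact.Email update, with the security decision made once,
    // at the boundary, before any DML runs.
    public static void updateEmail(Id contactId, String newEmail) {
        Contact c = new Contact(Id = contactId, Email = newEmail);
        enforceUpdate(new List<Contact>{ c });
        update c;
    }

    public static void deleteContact(Id contactId) {
        Contact c = new Contact(Id = contactId);
        enforceDelete(new List<Contact>{ c });
        delete c;
    }
}
```

The point of centralising the checks is the one the deck makes about boundaries: the decision is made in one known place, before the DML, rather than being scattered (and eventually forgotten) around every field access. Throwing rather than silently dropping fields also makes a misconfigured profile visible in testing instead of producing partial updates.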
Slide 16
If you worked for Dilbert’s company
Almost everyone is:
• Incompetent (except you)
• Completely self-centered (except you)
• Just a tiny bit malicious
Actual Dilbert image not shown here because I don’t feel like getting sued by Scott Adams for copyright infringement, so use your imagination
Slides 17-18
Requirement
• Lead SLA (Service Level Agreement) for Sales people, to try to encourage them to stop ignoring leads

```apex
trigger SLA_Date_Setting on Lead (before insert) {
    for (Lead ld : Trigger.new) {
        // Real version of this would take into account holidays, vacations, etc.
        // Stamp each new lead with the date by which sales must respond.
        ld.AB_SLA_Date__c = DateTime.now().addDays(3);
    }
}
```
Slide 19
Result
• All Salespeople always met their SLA!!!!
• The trigger set the date, but nothing stopped a salesperson from editing AB_SLA_Date__c afterwards, so the deadline simply moved.
Slide 20
Solution
• Use Field Level Security to make the field read-only for everyone.
  Database  |  Apex Code  |  Visualforce/UI
  FLS is enforced at the UI boundary, not at the Apex boundary: the trigger still writes AB_SLA_Date__c because Apex ignores FLS, while no user can change the field through the UI.
Slide 21
Requirement
• When lead status changes from the default, log SLA status
• (find out how responsive your sales team is)
Slide 22
SLA Log Reporting
• Salesperson can see only their own data
• Sales manager can see detailed sales data
• Marketing can see aggregate data, but not individual records!
Slides 23-24
Implementation
• Set Sharing default to private (grant access through hierarchy)
• Use a report or Visualforce page to access aggregate data
  • Let sales people see results based on data they have access to (but not global data) – With Sharing
  • Let marketers see results based on global data (but not individual log data) – Without Sharing
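The two-class design from slides 23-24, written out as an added example that is not part of the original deck. It assumes a custom object SLA_Log__c with a checkbox field Met_SLA__c and a private org-wide default, and a custom permission named View_SLA_Aggregates assigned to marketing; those names, and the class name SlaLogReporting, are assumptions of this example. FeatureManagement.checkPermission is the platform’s API for reading a custom permission and postdates the deck.

```apex
// Added example, not code from the original deck. Assumes a custom object
// SLA_Log__c (checkbox Met_SLA__c, private OWD) and a custom permission
// View_SLA_Aggregates granted to marketing; all of these are assumptions.
public with sharing class SlaLogReporting {

    public class AccessException extends Exception {}

    // What marketing is allowed to see: numbers only, never the
    // SLA_Log__c records themselves.
    public class Summary {
        public Integer total;
        public Integer met;
        public Decimal metPercent;
    }

    // Salespeople and their managers: individual logs, filtered by the
    // platform's sharing model. This class is "with sharing", so the query
    // returns only records the running user owns or is granted through the
    // role hierarchy. No further decision is needed here.
    public static List<SLA_Log__c> myLogs(Integer limitRows) {
        return [SELECT Id, Name, Met_SLA__c, OwnerId, CreatedDate
                FROM SLA_Log__c
                ORDER BY CreatedDate DESC
                LIMIT :limitRows];
    }

    // Marketing: a global aggregate. Crossing the sharing boundary is an
    // explicit security decision, so it is gated on an authorization check
    // and then delegated to a deliberately small "without sharing" class.
    public static Summary globalSummary() {
        if (!FeatureManagement.checkPermission('View_SLA_Aggregates')) {
            throw new AccessException('Not authorized to view aggregate SLA data');
        }
        return new GlobalAggregator().summarize();
    }

    // The "imaginary all-powerful code user": sees every SLA_Log__c row,
    // but its only public method returns counts, so individual records
    // cannot leak back across the boundary.
    private without sharing class GlobalAggregator {
        public Summary summarize() {
            Summary s = new Summary();
            s.total = 0;
            s.met = 0;
            for (AggregateResult ar : [SELECT Met_SLA__c met, COUNT(Id) cnt
                                       FROM SLA_Log__c
                                       GROUP BY Met_SLA__c]) {
                Integer cnt = (Integer) ar.get('cnt');
                s.total += cnt;
                if ((Boolean) ar.get('met') == true) {
                    s.met += cnt;
                }
            }
            s.metPercent = s.total == 0 ? 0.0
                : ((Decimal) s.met) * 100 / s.total;
            return s;
        }
    }
}
```

Salespeople call myLogs and get exactly what sharing gives them. Marketing calls globalSummary, which makes the authorization decision in code (the platform cannot make it, since the caller has no record access) and then hands off to a without-sharing class whose only output is a Summary. Keeping the privileged class private and aggregate-only is what makes the third principle on slide 25 safe to apply.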
Slide 25
Security Boundary Principles
• Don’t expose restricted data (even if you can)
• New data (like aggregate data) is NOT necessarily controlled by the security settings of the source data.
• Though Apex lacks impersonation, you can authorize code to perform tasks (imaginary all-powerful code user). Code declared “without sharing” ignores the running user’s record access entirely, so the authorization decision has to be made in your code before such a query runs.
Slides 26-27
Closing Hints
• For developers and consultants
  • Please don’t ignore security, even though it adds cost, is a hassle to build and test, and nobody seems to care (until it’s too late)
  • Use standard patterns by default (with sharing, testing CRUD/FLS) even though you’ll probably bypass them in a panic when things don’t work.
• For application developers
  • Pay attention to security, because the security review team will.
  • Expect to fail security review the first time through, and to justify use of advanced design patterns.