SlideShare uma empresa Scribd logo

Secure Salesforce: Lightning Components Best Practices

Salesforce Developers
Salesforce Developers

How safe are your Lightning Components? Join us and learn about the foundations required for a secure application built on Lightning. We'll cover common misconceptions around field-level security, CRUD, content security policy (CSP), as well as other common mistakes with Lightning. You'll walk away with all the best practices for hardening your application and keeping your data secure.

Tecnologia
1 de 22
Baixar para ler offline
Secure Salesforce: Lightning Component Best Practices Secure best practices ​ Sergey Gorbaty ​ SMTS Product Security ​ sergey.gorbaty@salesforce.com ​ @ser_gor ​  ​ Robert Sussland ​ SMTS Product Security ​ rsussland@salesforce.com ​ 
​ Safe harbor statement under the Private Securities Litigation Reform Act of 1995: ​ This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. ​ The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. ​ Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements. Safe Harbor
Sergey Gorbaty SMTS Product Security, Salesforce
Robert Sussland SMTS Product Security, Salesforce
•  Client Side Security •  Security Model and Dangers •  Lightning Domain Separation •  Playing Safe Within Your Locker •  Content Security Policy •  Escaping, Rendering, External Scripts •  Server Side Security •  Apex Controllers, Aura Methods •  CRUD, FLS •  Summary Agenda
Client Side Security
•  Lightning applications built using components •  Components come from your org, from Salesforce and from AppExchange •  All non-Salesforce authored Lightning components run from the Lightning Domain* •  Same Origin Policy Browser Security Model •  Many components will be rendered from the same Lightning Domain •  Security risks come from JavaScript and not from Lightning design •  JavaScript from different code bases runs on the same domain •  Can access everything Security Model and Dangers
•  Lightning domains are used for all things Lightning •  Including partner applications, components •  Data and metadata fetching •  Domain separation will improve over time •  Each component needs to play safe within its locker to avoid breakage Lightning Domain Separation
Do not: •  Send user data to 3rd party external domains •  Clobber Aura built-in methods •  Implement component RPC yourself •  Trigger DML operations from init() •  Modify DOM in the controller •  Fire events from renderer •  Use 3rd party MVC Playing Safe Within Your Locker
Do: •  Call your own controller’s @AuraEnabled methods •  Modify only your own component’s DOM •  Use <aura:method> to define component actions •  Use events for communication •  COMPONENT type events for internal events •  APPLICATION type events should be treated as ‘navigation’ •  Practice JavaScript secure coding best practices Playing Safe Within Your Locker (Cont’d.)
•  Common ground rules for safe-by-default communication •  XHR, websockets can only connect to the application origin •  Script sources can only be loaded from the application origin, e.g. from static resources •  All components are subject to CSP •  Additional rules are enforced at the security review •  No eval(), inline JavaScript, dynamic <script> creation, innerHTML based rendering… •  Latest details posted at •  https://developer.salesforce.com/page/Lightning_Security Content Security Policy
•  Avoid href assignment via document.location.href •  Use relative URL with ‘/’ and encodeURI •  String attributes need to be escaped if rendered outside of Lightning rendering •  Avoid rendering using <unescapedHTML>, v.body, innerHTML •  Instead of element.innerHTML = ‘<div class=‘ + class + ‘”>’ + name + ‘</div>’; •  Use element.className = class; element.innerText = name; •  Public attribute of String data must be escaped before assignment to v.body •  For additional escaping functions check Aura.Utils.SecureFilters Component Data Rendering Tips
Demo
Server Side Security
•  Use unambiguous class sharing definition •  with sharing •  without sharing •  Assume any @AuraEnabled method is global == web service •  Components may call it out of order •  Additional checks are needed due to various user levels Apex Controllers, Aura Methods
•  Apex runs in a system mode, will return all data for every user •  Lighting Components do not have automatic CRUD enforcement •  Each @AuraEnabled method that returns data must perform checks •  Do not assume user has access to all fields •  Checks must be performed on all objects •  Checks allow best user experience when access is limited •  Documentation •  https://developer.salesforce.com/page/Testing_CRUD_and_FLS_Enforcement CRUD, FLS
Demo
Summary
•  User input and 3rd party data needs to be rendered safely, use escaping •  Never assume user has access to anything, perform proper checks in Apex •  Use JavaScript defensively and do not access other components’ DOM directly Summary
Thank youThank you
Secure Salesforce at Dreamforce 2015 ​  10 DevZone Talks and 2 Lighting Zone Talks covering all aspects of Security on the Salesforce Platform ​  Visit our booth in the DevZone with any security questions ​  Check out the schedule and details at http://bit.ly/DF15Sec ​  Admin-related security questions? ​  Join us for coffee in the Admin Zone Security Cafe
Secure Salesforce Sesssions ​  Common Secure Coding Mistakes ​  Rachel Black and Alejandro Raigon Munoz ​  THURSDAY ​  5:00pm in Moscone West 2006 ​  Chimera: External Integration Security ​  Tim Bach and Travis Safford ​  FRIDAY ​  10:00am in Moscone West 2009

Recomendados

From Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementFrom Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementSalesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceSalesforce Developers
 
Best practices for implementing CI/CD on Salesforce
Best practices for implementing CI/CD on SalesforceBest practices for implementing CI/CD on Salesforce
Best practices for implementing CI/CD on SalesforceAIMDek Technologies
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingSalesforce Developers
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSalesforce Developers
 
Salesforce Development Best Practices
Salesforce Development Best PracticesSalesforce Development Best Practices
Salesforce Development Best PracticesVivek Chawla
 
Salesforce Integration Patterns
Salesforce Integration PatternsSalesforce Integration Patterns
Salesforce Integration Patternsusolutions
 
Salesforce Flawless Packaging And Deployment
Salesforce Flawless Packaging And DeploymentSalesforce Flawless Packaging And Deployment
Salesforce Flawless Packaging And DeploymentHarshala Shewale ☁
 

Recomendados

From Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementFrom Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementSalesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceSalesforce Developers
 
Best practices for implementing CI/CD on Salesforce
Best practices for implementing CI/CD on SalesforceBest practices for implementing CI/CD on Salesforce
Best practices for implementing CI/CD on SalesforceAIMDek Technologies
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingSalesforce Developers
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSalesforce Developers
 
Salesforce Development Best Practices
Salesforce Development Best PracticesSalesforce Development Best Practices
Salesforce Development Best PracticesVivek Chawla
 
Salesforce Integration Patterns
Salesforce Integration PatternsSalesforce Integration Patterns
Salesforce Integration Patternsusolutions
 
Salesforce Flawless Packaging And Deployment
Salesforce Flawless Packaging And DeploymentSalesforce Flawless Packaging And Deployment
Salesforce Flawless Packaging And DeploymentHarshala Shewale ☁
 
Planning Your Migration to the Lightning Experience
Planning Your Migration to the Lightning ExperiencePlanning Your Migration to the Lightning Experience
Planning Your Migration to the Lightning ExperienceShell Black
 
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...Sam Garforth
 
Salesforce.com Sandbox management
Salesforce.com Sandbox management Salesforce.com Sandbox management
Salesforce.com Sandbox management Ali Akbar
 
Apex Testing Best Practices
Apex Testing Best PracticesApex Testing Best Practices
Apex Testing Best PracticesSalesforce Developers
 
Integrating with salesforce
Integrating with salesforceIntegrating with salesforce
Integrating with salesforceMark Adcock
 
Best Practices for RESTful Web Services
Best Practices for RESTful Web ServicesBest Practices for RESTful Web Services
Best Practices for RESTful Web ServicesSalesforce Developers
 
Introduction to Visualforce
Introduction to VisualforceIntroduction to Visualforce
Introduction to VisualforceSalesforce Developers
 
Introduction to the Salesforce Security Model
Introduction to the Salesforce Security ModelIntroduction to the Salesforce Security Model
Introduction to the Salesforce Security ModelSalesforce Developers
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataSalesforce Developers
 
Real Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsReal Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsSalesforce Developers
 
Performing a successful technical debt assessment in Salesforce
Performing a successful technical debt assessment in SalesforcePerforming a successful technical debt assessment in Salesforce
Performing a successful technical debt assessment in SalesforceCoforge (Erstwhile WHISHWORKS)
 
Integrating Active Directory with Salesforce
Integrating Active Directory with SalesforceIntegrating Active Directory with Salesforce
Integrating Active Directory with SalesforceSalesforce Developers
 
DevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudDevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudrsg00usa
 
3.software testing
3.software testing3.software testing
3.software testingDeepak Sharma
 
Salesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Developers
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce OrgSalesforce Admins
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)Maganathin Veeraragaloo
 
Lwc presentation
Lwc presentationLwc presentation
Lwc presentationNithesh N
 
Introducing the Salesforce platform
Introducing the Salesforce platformIntroducing the Salesforce platform
Introducing the Salesforce platformJohn Stevenson
 
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...Anna Loughnan Colquhoun
 
Lightning Components Workshop
Lightning Components WorkshopLightning Components Workshop
Lightning Components WorkshopSalesforce Developers
 
Best Practices for Lightning Apps
Best Practices for Lightning AppsBest Practices for Lightning Apps
Best Practices for Lightning AppsMark Adcock
 

Mais conteúdo relacionado

Mais procurados

Planning Your Migration to the Lightning Experience
Planning Your Migration to the Lightning ExperiencePlanning Your Migration to the Lightning Experience
Planning Your Migration to the Lightning ExperienceShell Black
 
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...Sam Garforth
 
Salesforce.com Sandbox management
Salesforce.com Sandbox management Salesforce.com Sandbox management
Salesforce.com Sandbox management Ali Akbar
 
Integrating with salesforce
Integrating with salesforceIntegrating with salesforce
Integrating with salesforceMark Adcock
 
Best Practices for RESTful Web Services
Best Practices for RESTful Web ServicesBest Practices for RESTful Web Services
Best Practices for RESTful Web ServicesSalesforce Developers
 
Introduction to the Salesforce Security Model
Introduction to the Salesforce Security ModelIntroduction to the Salesforce Security Model
Introduction to the Salesforce Security ModelSalesforce Developers
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataSalesforce Developers
 
Real Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsReal Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsSalesforce Developers
 
Performing a successful technical debt assessment in Salesforce
Performing a successful technical debt assessment in SalesforcePerforming a successful technical debt assessment in Salesforce
Performing a successful technical debt assessment in SalesforceCoforge (Erstwhile WHISHWORKS)
 
Integrating Active Directory with Salesforce
Integrating Active Directory with SalesforceIntegrating Active Directory with Salesforce
Integrating Active Directory with SalesforceSalesforce Developers
 
DevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudDevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudrsg00usa
 
Salesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Developers
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce OrgSalesforce Admins
 
Lwc presentation
Lwc presentationLwc presentation
Lwc presentationNithesh N
 
Introducing the Salesforce platform
Introducing the Salesforce platformIntroducing the Salesforce platform
Introducing the Salesforce platformJohn Stevenson
 
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...Anna Loughnan Colquhoun
 

Mais procurados (20)

Planning Your Migration to the Lightning Experience
Planning Your Migration to the Lightning ExperiencePlanning Your Migration to the Lightning Experience
Planning Your Migration to the Lightning Experience
 
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...
Salesforce Application Lifecycle Management presented to EA Forum by Sam Garf...
 
Salesforce.com Sandbox management
Salesforce.com Sandbox management Salesforce.com Sandbox management
Salesforce.com Sandbox management
 
Apex Testing Best Practices
Apex Testing Best PracticesApex Testing Best Practices
Apex Testing Best Practices
 
Integrating with salesforce
Integrating with salesforceIntegrating with salesforce
Integrating with salesforce
 
Best Practices for RESTful Web Services
Best Practices for RESTful Web ServicesBest Practices for RESTful Web Services
Best Practices for RESTful Web Services
 
Introduction to Visualforce
Introduction to VisualforceIntroduction to Visualforce
Introduction to Visualforce
 
Introduction to the Salesforce Security Model
Introduction to the Salesforce Security ModelIntroduction to the Salesforce Security Model
Introduction to the Salesforce Security Model
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce data
 
Real Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsReal Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform Events
 
Performing a successful technical debt assessment in Salesforce
Performing a successful technical debt assessment in SalesforcePerforming a successful technical debt assessment in Salesforce
Performing a successful technical debt assessment in Salesforce
 
Integrating Active Directory with Salesforce
Integrating Active Directory with SalesforceIntegrating Active Directory with Salesforce
Integrating Active Directory with Salesforce
 
DevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudDevOps in Salesforce AppCloud
DevOps in Salesforce AppCloud
 
3.software testing
3.software testing3.software testing
3.software testing
 
Salesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for DeploymentSalesforce Release Management - Best Practices and Tools for Deployment
Salesforce Release Management - Best Practices and Tools for Deployment
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce Org
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)
 
Lwc presentation
Lwc presentationLwc presentation
Lwc presentation
 
Introducing the Salesforce platform
Introducing the Salesforce platformIntroducing the Salesforce platform
Introducing the Salesforce platform
 
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
 

Destaque

Best Practices for Lightning Apps
Best Practices for Lightning AppsBest Practices for Lightning Apps
Best Practices for Lightning AppsMark Adcock
 
Lightning Components - Advanced Features
Lightning Components - Advanced FeaturesLightning Components - Advanced Features
Lightning Components - Advanced FeaturesSalesforce Developers
 
Lightning Connect Custom Adapters: Connecting Anything with Salesforce
Lightning Connect Custom Adapters: Connecting Anything with SalesforceLightning Connect Custom Adapters: Connecting Anything with Salesforce
Lightning Connect Custom Adapters: Connecting Anything with SalesforceSalesforce Developers
 
Secure Salesforce: External App Integrations
Secure Salesforce: External App IntegrationsSecure Salesforce: External App Integrations
Secure Salesforce: External App IntegrationsSalesforce Developers
 
Build and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeBuild and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeSalesforce Developers
 
Javascript Security and Lightning Locker Service
Javascript Security and Lightning Locker ServiceJavascript Security and Lightning Locker Service
Javascript Security and Lightning Locker ServiceSalesforce Developers
 
Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesSalesforce Developers
 
Introduction to Analytics Cloud
Introduction to Analytics CloudIntroduction to Analytics Cloud
Introduction to Analytics CloudMohith Shrivastava
 
Real-time SQL Access to Your Salesforce.com Data Using Progress Data Direct
Real-time SQL Access to Your Salesforce.com Data Using Progress Data DirectReal-time SQL Access to Your Salesforce.com Data Using Progress Data Direct
Real-time SQL Access to Your Salesforce.com Data Using Progress Data DirectSalesforce Developers
 
Force.com Canvas in the Publisher and Chatter Feed
Force.com Canvas in the Publisher and Chatter FeedForce.com Canvas in the Publisher and Chatter Feed
Force.com Canvas in the Publisher and Chatter FeedSalesforce Developers
 
Lightning strikes twice- SEDreamin
Lightning strikes twice- SEDreaminLightning strikes twice- SEDreamin
Lightning strikes twice- SEDreaminMohith Shrivastava
 
Go Faster with Process Builder
Go Faster with Process BuilderGo Faster with Process Builder
Go Faster with Process Builderandyinthecloud
 
Apex Connector for Lightning Connect: Make Anything a Salesforce Object
Apex Connector for Lightning Connect: Make Anything a Salesforce ObjectApex Connector for Lightning Connect: Make Anything a Salesforce Object
Apex Connector for Lightning Connect: Make Anything a Salesforce ObjectSalesforce Developers
 
Building strong foundations apex enterprise patterns
Building strong foundations apex enterprise patternsBuilding strong foundations apex enterprise patterns
Building strong foundations apex enterprise patternsandyinthecloud
 
Salesforce World Tour 2016 : Lightning Out : Components on any Platform
Salesforce World Tour 2016 : Lightning Out : Components on any PlatformSalesforce World Tour 2016 : Lightning Out : Components on any Platform
Salesforce World Tour 2016 : Lightning Out : Components on any Platformandyinthecloud
 
Lightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the WorldLightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the WorldSalesforce Developers
 
Two-Way Integration with Writable External Objects
Two-Way Integration with Writable External ObjectsTwo-Way Integration with Writable External Objects
Two-Way Integration with Writable External ObjectsSalesforce Developers
 

Destaque (20)

Lightning Components Workshop
Lightning Components WorkshopLightning Components Workshop
Lightning Components Workshop
 
Best Practices for Lightning Apps
Best Practices for Lightning AppsBest Practices for Lightning Apps
Best Practices for Lightning Apps
 
Lightning Components - Advanced Features
Lightning Components - Advanced FeaturesLightning Components - Advanced Features
Lightning Components - Advanced Features
 
Lightning Connect Custom Adapters: Connecting Anything with Salesforce
Lightning Connect Custom Adapters: Connecting Anything with SalesforceLightning Connect Custom Adapters: Connecting Anything with Salesforce
Lightning Connect Custom Adapters: Connecting Anything with Salesforce
 
Secure Salesforce: External App Integrations
Secure Salesforce: External App IntegrationsSecure Salesforce: External App Integrations
Secure Salesforce: External App Integrations
 
Build and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeBuild and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning Exchange
 
Javascript Security and Lightning Locker Service
Javascript Security and Lightning Locker ServiceJavascript Security and Lightning Locker Service
Javascript Security and Lightning Locker Service
 
Salesforce Lightning workshop
Salesforce Lightning workshopSalesforce Lightning workshop
Salesforce Lightning workshop
 
Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best Practices
 
Introduction to Analytics Cloud
Introduction to Analytics CloudIntroduction to Analytics Cloud
Introduction to Analytics Cloud
 
Real-time SQL Access to Your Salesforce.com Data Using Progress Data Direct
Real-time SQL Access to Your Salesforce.com Data Using Progress Data DirectReal-time SQL Access to Your Salesforce.com Data Using Progress Data Direct
Real-time SQL Access to Your Salesforce.com Data Using Progress Data Direct
 
Force.com Canvas in the Publisher and Chatter Feed
Force.com Canvas in the Publisher and Chatter FeedForce.com Canvas in the Publisher and Chatter Feed
Force.com Canvas in the Publisher and Chatter Feed
 
Lightning strikes twice- SEDreamin
Lightning strikes twice- SEDreaminLightning strikes twice- SEDreamin
Lightning strikes twice- SEDreamin
 
Go Faster with Process Builder
Go Faster with Process BuilderGo Faster with Process Builder
Go Faster with Process Builder
 
Apex Connector for Lightning Connect: Make Anything a Salesforce Object
Apex Connector for Lightning Connect: Make Anything a Salesforce ObjectApex Connector for Lightning Connect: Make Anything a Salesforce Object
Apex Connector for Lightning Connect: Make Anything a Salesforce Object
 
Building strong foundations apex enterprise patterns
Building strong foundations apex enterprise patternsBuilding strong foundations apex enterprise patterns
Building strong foundations apex enterprise patterns
 
Salesforce World Tour 2016 : Lightning Out : Components on any Platform
Salesforce World Tour 2016 : Lightning Out : Components on any PlatformSalesforce World Tour 2016 : Lightning Out : Components on any Platform
Salesforce World Tour 2016 : Lightning Out : Components on any Platform
 
Lightning Connect: Lessons Learned
Lightning Connect: Lessons LearnedLightning Connect: Lessons Learned
Lightning Connect: Lessons Learned
 
Lightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the WorldLightning Out: Components for the Rest of the World
Lightning Out: Components for the Rest of the World
 
Two-Way Integration with Writable External Objects
Two-Way Integration with Writable External ObjectsTwo-Way Integration with Writable External Objects
Two-Way Integration with Writable External Objects
 

Semelhante a Secure Salesforce: Lightning Components Best Practices

Salesforce shield &amp; summer 20 release
Salesforce shield &amp; summer 20 releaseSalesforce shield &amp; summer 20 release
Salesforce shield &amp; summer 20 releaseDevendra Sawant
 
Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Mark Adcock
 
Building Apps Faster with Lightning and Winter '17
Building Apps Faster with Lightning and Winter '17Building Apps Faster with Lightning and Winter '17
Building Apps Faster with Lightning and Winter '17Mark Adcock
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Salesforce Developers
 
Designing custom REST and SOAP interfaces on Force.com
Designing custom REST and SOAP interfaces on Force.comDesigning custom REST and SOAP interfaces on Force.com
Designing custom REST and SOAP interfaces on Force.comSteven Herod
 
Salesforce Security Review Tips and Tricks
Salesforce Security Review Tips and TricksSalesforce Security Review Tips and Tricks
Salesforce Security Review Tips and TricksRyan Flood
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSalesforce Developers
 
Secure Salesforce: Code Scanning with Checkmarx
Secure Salesforce: Code Scanning with CheckmarxSecure Salesforce: Code Scanning with Checkmarx
Secure Salesforce: Code Scanning with CheckmarxSalesforce Developers
 
Designing Custom REST and SOAP Interfaces on Force.com
Designing Custom REST and SOAP Interfaces on Force.comDesigning Custom REST and SOAP Interfaces on Force.com
Designing Custom REST and SOAP Interfaces on Force.comSalesforce Developers
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKMartin Vigo
 
Secure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSecure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSalesforce Developers
 
Lightning Chess, The fun way to learn the Lightning Component Framework
Lightning Chess, The fun way to learn the Lightning Component FrameworkLightning Chess, The fun way to learn the Lightning Component Framework
Lightning Chess, The fun way to learn the Lightning Component FrameworkLieven Juwet
 
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxLWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxVkrish Peru
 
Secure Salesforce: CRUD / FLS / Sharing
Secure Salesforce: CRUD / FLS / SharingSecure Salesforce: CRUD / FLS / Sharing
Secure Salesforce: CRUD / FLS / SharingSalesforce Developers
 
How to Launch Your AppExchange App at Dreamforce
How to Launch Your AppExchange App at DreamforceHow to Launch Your AppExchange App at Dreamforce
How to Launch Your AppExchange App at DreamforceCodeScience
 
Salesforce Platform Encryption Developer Strategy
Salesforce Platform Encryption Developer StrategySalesforce Platform Encryption Developer Strategy
Salesforce Platform Encryption Developer StrategyPeter Chittum
 
Build Consumer-Facing Apps with Heroku Connect
Build Consumer-Facing Apps with Heroku ConnectBuild Consumer-Facing Apps with Heroku Connect
Build Consumer-Facing Apps with Heroku ConnectJeff Douglas
 

Semelhante a Secure Salesforce: Lightning Components Best Practices (20)

Salesforce shield &amp; summer 20 release
Salesforce shield &amp; summer 20 releaseSalesforce shield &amp; summer 20 release
Salesforce shield &amp; summer 20 release
 
Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3
 
Building Apps Faster with Lightning and Winter '17
Building Apps Faster with Lightning and Winter '17Building Apps Faster with Lightning and Winter '17
Building Apps Faster with Lightning and Winter '17
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17
 
Designing custom REST and SOAP interfaces on Force.com
Designing custom REST and SOAP interfaces on Force.comDesigning custom REST and SOAP interfaces on Force.com
Designing custom REST and SOAP interfaces on Force.com
 
Salesforce Security Review Tips and Tricks
Salesforce Security Review Tips and TricksSalesforce Security Review Tips and Tricks
Salesforce Security Review Tips and Tricks
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDK
 
Secure Salesforce: Code Scanning with Checkmarx
Secure Salesforce: Code Scanning with CheckmarxSecure Salesforce: Code Scanning with Checkmarx
Secure Salesforce: Code Scanning with Checkmarx
 
Designing Custom REST and SOAP Interfaces on Force.com
Designing Custom REST and SOAP Interfaces on Force.comDesigning Custom REST and SOAP Interfaces on Force.com
Designing Custom REST and SOAP Interfaces on Force.com
 
Security Boundaries in Apex
Security Boundaries in ApexSecurity Boundaries in Apex
Security Boundaries in Apex
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDK
 
Secure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce InstanceSecure Salesforce: Secret Storage in Your Salesforce Instance
Secure Salesforce: Secret Storage in Your Salesforce Instance
 
Lightning Chess, The fun way to learn the Lightning Component Framework
Lightning Chess, The fun way to learn the Lightning Component FrameworkLightning Chess, The fun way to learn the Lightning Component Framework
Lightning Chess, The fun way to learn the Lightning Component Framework
 
Deep Dive into Apex Triggers
Deep Dive into Apex TriggersDeep Dive into Apex Triggers
Deep Dive into Apex Triggers
 
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxLWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
 
Secure Salesforce: CRUD / FLS / Sharing
Secure Salesforce: CRUD / FLS / SharingSecure Salesforce: CRUD / FLS / Sharing
Secure Salesforce: CRUD / FLS / Sharing
 
How to Launch Your AppExchange App at Dreamforce
How to Launch Your AppExchange App at DreamforceHow to Launch Your AppExchange App at Dreamforce
How to Launch Your AppExchange App at Dreamforce
 
Salesforce Platform Encryption Developer Strategy
Salesforce Platform Encryption Developer StrategySalesforce Platform Encryption Developer Strategy
Salesforce Platform Encryption Developer Strategy
 
jsForce in Action
jsForce in ActionjsForce in Action
jsForce in Action
 
Build Consumer-Facing Apps with Heroku Connect
Build Consumer-Facing Apps with Heroku ConnectBuild Consumer-Facing Apps with Heroku Connect
Build Consumer-Facing Apps with Heroku Connect
 

Mais de Salesforce Developers

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSalesforce Developers
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base ComponentsSalesforce Developers
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsSalesforce Developers
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaSalesforce Developers
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentSalesforce Developers
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsSalesforce Developers
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsSalesforce Developers
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsSalesforce Developers
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilitySalesforce Developers
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionSalesforce Developers
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPSalesforce Developers
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceSalesforce Developers
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureSalesforce Developers
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DXSalesforce Developers
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectSalesforce Developers
 
Modern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesModern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesSalesforce Developers
 

Mais de Salesforce Developers (20)

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base Components
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer Highlights
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX India
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local Development
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web Components
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web Components
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer Highlights
 
Live coding with LWC
Live coding with LWCLive coding with LWC
Live coding with LWC
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura Interoperability
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An Introduction
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCP
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in Salesforce
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data Capture
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DX
 
Get Into Lightning Flow Development
Get Into Lightning Flow DevelopmentGet Into Lightning Flow Development
Get Into Lightning Flow Development
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS Connect
 
Introduction to MuleSoft
Introduction to MuleSoftIntroduction to MuleSoft
Introduction to MuleSoft
 
Modern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesModern App Dev: Modular Development Strategies
Modern App Dev: Modular Development Strategies
 
Dreamforce Developer Recap
Dreamforce Developer RecapDreamforce Developer Recap
Dreamforce Developer Recap
 

Último

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 

Último (20)

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 

Secure Salesforce: Lightning Components Best Practices

  • 1. Secure Salesforce: Lightning Component Best Practices Secure best practices ​ Sergey Gorbaty ​ SMTS Product Security ​ sergey.gorbaty@salesforce.com ​ @ser_gor ​  ​ Robert Sussland ​ SMTS Product Security ​ rsussland@salesforce.com ​ 
  • 2. ​ Safe harbor statement under the Private Securities Litigation Reform Act of 1995: ​ This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. ​ The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. ​ Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements. Safe Harbor
  • 3. Sergey Gorbaty SMTS Product Security, Salesforce
  • 4. Robert Sussland SMTS Product Security, Salesforce
  • 5. •  Client Side Security •  Security Model and Dangers •  Lightning Domain Separation •  Playing Safe Within Your Locker •  Content Security Policy •  Escaping, Rendering, External Scripts •  Server Side Security •  Apex Controllers, Aura Methods •  CRUD, FLS •  Summary Agenda
  • 7. •  Lightning applications built using components •  Components come from your org, from Salesforce and from AppExchange •  All non-Salesforce authored Lightning components run from the Lightning Domain* •  Same Origin Policy Browser Security Model •  Many components will be rendered from the same Lightning Domain •  Security risks come from JavaScript and not from Lightning design •  JavaScript from different code bases runs on the same domain •  Can access everything Security Model and Dangers
  • 8. •  Lightning domains are used for all things Lightning •  Including partner applications, components •  Data and metadata fetching •  Domain separation will improve over time •  Each component needs to play safe within its locker to avoid breakage Lightning Domain Separation
  • 9. Do not: •  Send user data to 3rd party external domains •  Clobber Aura built-in methods •  Implement component RPC yourself •  Trigger DML operations from init() •  Modify DOM in the controller •  Fire events from renderer •  Use 3rd party MVC Playing Safe Within Your Locker
  • 10. Do: •  Call your own controller’s @AuraEnabled methods •  Modify only your own component’s DOM •  Use <aura:method> to define component actions •  Use events for communication •  COMPONENT type events for internal events •  APPLICATION type events should be treated as ‘navigation’ •  Practice JavaScript secure coding best practices Playing Safe Within Your Locker (Cont’d.)
  • 11. •  Common ground rules for safe-by-default communication •  XHR, websockets can only connect to the application origin •  Script sources can only be loaded from the application origin, e.g. from static resources •  All components are subject to CSP •  Additional rules are enforced at the security review •  No eval(), inline JavaScript, dynamic <script> creation, innerHTML based rendering… •  Latest details posted at •  https://developer.salesforce.com/page/Lightning_Security Content Security Policy
  • 12. •  Avoid href assignment via document.location.href •  Use relative URL with ‘/’ and encodeURI •  String attributes need to be escaped if rendered outside of Lightning rendering •  Avoid rendering using <unescapedHTML>, v.body, innerHTML •  Instead of element.innerHTML = ‘<div class=‘ + class + ‘”>’ + name + ‘</div>’; •  Use element.className = class; element.innerText = name; •  Public attribute of String data must be escaped before assignment to v.body •  For additional escaping functions check Aura.Utils.SecureFilters Component Data Rendering Tips
  • 13. Demo
  • 15. •  Use unambiguous class sharing definition •  with sharing •  without sharing •  Assume any @AuraEnabled method is global == web service •  Components may call it out of order •  Additional checks are needed due to various user levels Apex Controllers, Aura Methods
  • 16. •  Apex runs in a system mode, will return all data for every user •  Lighting Components do not have automatic CRUD enforcement •  Each @AuraEnabled method that returns data must perform checks •  Do not assume user has access to all fields •  Checks must be performed on all objects •  Checks allow best user experience when access is limited •  Documentation •  https://developer.salesforce.com/page/Testing_CRUD_and_FLS_Enforcement CRUD, FLS
  • 17. Demo
  • 19. •  User input and 3rd party data needs to be rendered safely, use escaping •  Never assume user has access to anything, perform proper checks in Apex •  Use JavaScript defensively and do not access other components’ DOM directly Summary
  • 21. Secure Salesforce at Dreamforce 2015 ​  10 DevZone Talks and 2 Lighting Zone Talks covering all aspects of Security on the Salesforce Platform ​  Visit our booth in the DevZone with any security questions ​  Check out the schedule and details at http://bit.ly/DF15Sec ​  Admin-related security questions? ​  Join us for coffee in the Admin Zone Security Cafe
  • 22. Secure Salesforce Sesssions ​  Common Secure Coding Mistakes ​  Rachel Black and Alejandro Raigon Munoz ​  THURSDAY ​  5:00pm in Moscone West 2006 ​  Chimera: External Integration Security ​  Tim Bach and Travis Safford ​  FRIDAY ​  10:00am in Moscone West 2009