Record ownership is at the core of Salesforce’s record access capabilities, which allow you to specify which users or types of users should be able to access specific records or types of records. Salesforce.com’s architects and developers have spent years creating a highly functional and massively scalable record access infrastructure around record ownership, saving you the monumental effort of building that infrastructure yourself.
In this post, you’ll learn how those years of heavy lifting have actually simplified record access for the most common enterprise security models, allowing you to configure record access declaratively instead of with painstakingly developed code. You’ll also get an “under the hood” view of record access, and learn how to implement your record access model and avoid potential pitfalls along the way. Continue reading
It’s important that you are confident that your cloud provider has the world-class security and privacy solutions to adequately protect your data. So what does it take to trust a cloud? Read on to learn why you should trust salesforce.com cloud solutions with your assets. Continue reading
In Blog: engineering
| Also tagged architecture
Permission sets make salesforce.com admin’s lives easier by assigning permissions to users with more granularity than what a profile already provides. Using SOQL enables admins to view those permission assignments across their user’s profile and permission sets. Continue reading
How not to CSRF yourself on Force.com. Now with 20% more llamas. Continue reading
A year back we began supporting source code analysis on Force.com through http://security.force.com/sourcescanner. We've had great success with it, but the number one piece of feedback we've gotten from all of you was why there wasn't any integration with the Force.com IDE.
Checkmarx, the company we partnered with to provide Force.com source scanning, has stepped up and made an offering available to all of you. For 90 days, for the first 1000 developers, they'll give away a free version of an Eclipse plugin that can scan all Force.com code (under 100k LoC). The great thing about this is that you get… Continue reading
On top of the several security talks that we'll have at Dreamforce, we'll also have a security booth in the dev zone.
Here's what we'll have:
- Code Consultations
- Security Quiz (we'll have another prize
- General Q&A
- Demo and a free trial of a new tool which will help native app security/quality
For those interested, sign up for code consultations in the Dreamforce app. See you there!
-Robert… Continue reading
I was really happy about the number of folks who took the quiz and the interest in it. More-so, I was completely surprised that we had someone actually score 100% on the quiz given its difficulty. I was even more blown away when I woke up on 12/1 and saw that three folks had scored 100%!
To everyone, congrats and I hope it was useful. Without further ado, here are your winners:
- Shamil Arsunukayev – Comity Designs
- Rajendra Singh Ogra – Metacube Software
- Arvind Chaudhary – freelancing
Shamil won the RC Helicopter and Rajendra/Arvind will receive… Continue reading
The Developer Security Quiz Challenge has been going on for a couple weeks. Not too long ago there was a 20 Way Tie – but that's old news. We've got a new high score.
You can beat it. Lets have the first 100% score!
We'll close the contest at 23:59:59 PST on 11/30. Get your quiz in today - http://security.force.com/platformquiz.
-Robert… Continue reading
We've had over 75 people take the quiz in the last week attempting to win the RC helicopter and claim eternal fame for their security knowledge. Here's where we are:
- The most common score on the quiz is 50%.
- There is currently a 20 way tie for the top score.
- That score is 50%.
- That score needs to be surpassed
You can take the quiz more then once with a new email address. I'd recommend folks view the training and secure coding guidelines as all of the topics covered are discussed in these two areas.
Take a shot at the quiz and