Connecting Google App Engine and Salesforce.com with oAuth

by Quinton Wall on April 19, 2010 at 12:16 PM

Community member Jeff Douglas recently contributed a great new project to Code Share. The Force.com oAuth project provides a sample Java webapp deployed in Google App Engine which uses oAuth to connect to Salesforce.com.

Introducing Force.com Secure Cloud Development

by Robert Fly on April 9, 2010 at 05:10 AM

I'm very excited to report that we've published a new section of developer.force.com, Force.com Secure Cloud Development. This brings together the complete set of developer resources covering secure development practices on Force.com, and represents our continuing investment in tools and content designed to maintain the security of the entire Force.com ecosystem. In my previous post, I mentioned that we had a number of new and free tools, training and resources for our developer community. I'm...

Force.com Secure Cloud Development - Upcoming Webinar

by Robert Fly on March 19, 2010 at 07:31 AM

Over the last several years our internal security team at salesforce.com has been hard at work building several fantastic new tools and resources for our developer community. What started off as internal tools and personal projects have grown into much more than that and on April 6th we'll be releasing all of the built up collateral. Some of the resources we've been sharing with different internal and external audiences over the last year and we've...

Implementing Single Sign-On with SAML on Force.com (and OpenSSO)

by Jon Mountjoy on December 1, 2009 at 06:00 AM

Learn how to create an SSO implementation using Force.com, OpenSSO and Glassfish.

Who is no-reply and why am I getting e-mails from him?

by Nick Simha on August 18, 2009 at 10:50 AM

You may have noticed e-mails sent from your Salesforce Org to have no reply in the From field as shown below. The reason that Salesforce does this is to enable Sender ID compliance. Sender ID compliance enables the receiving e-mail server to authenticate the sending e-mail server. If your recipient organization has the Sender ID compliance feature turned on and your sending e-mail server doesn't comply with it your e-mails will not be delivered to...

More Secure Sites Forms with Encrypted Keys

by John Kucera on August 3, 2009 at 06:46 AM

The power of Sites is the ability to publicly expose Salesforce data to the world. In another post on the marketing blog, I showed one application of Sites for event registration forms which eliminates Lead duplicates & prevents prospects from having to retype their information. While Sites is secure and battle tested, if you expose Salesforce data using the typical URL syntax of ?id=00Q3000000PKsCa, a hacker could start guessing other IDs and either scrape information...

Best Practice: Sites and record identifiers

by Ron Hess on April 13, 2009 at 04:19 PM

Now that Force.com Sites is out in the developer community as a preview, we are starting to see several interesting and powerful use cases that involve generating forms that will input data into the Force.com database. As these use cases come up, we are often asked: is it acceptable from a security perspective to allow the Sites Public User to input data directly into the database? The answer is yes; however, as a developer...

Debunking the Myth of Control

by Peter Coffee on January 29, 2009 at 02:43 PM

This just in: Ex-Fannie Mae worker charged with planting computer virus By Freeman Klopott Examiner Staff Writer 1/29/09 A fired Fannie Mae contract employee allegedly placed a virus in the mortgage giant’s software that could have shut the company down for at least a week and caused millions of dollars in damage, prosecutors say. Rajendrasinh Makwana, an Indian citizen, was indicted Tuesday on computer intrusion charges. The former Gaithersburg resident is out on $100,000 bail,...

Community Update: Intros, Tour de Force, Visualforce

by Jon Mountjoy on May 30, 2008 at 05:03 AM

I'll be working here as the community manager and editor-in-chief of developer.force.com. As a result, I hope to be touching base with a lot of you developers, ISVs and admins out there, as well as our internal salesforce.com employees.

Sforce Single Sign On

by PK on July 25, 2005 at 10:11 AM

There's been some recent discussion on SXIP's decision to build hardware to support Salesforce.com's delegated authentication protocol. Delegated authentication is a process where Salesforce makes a secure web services call to an endpoint that a customer defines. Salesforce can delegate authentication to the customer, which can allow for building web single sign on, integration with two-factor, integration with an LDAP directory, and many other possibilities. What hasn't been discussed is why Salesforce is using a...