You need to sign in to do that
Don't have an account?
Afrose Ahamed
Managed Package Insecure Storage of Sensitive Data Vulnerability Issue
Hi All,
Greetings of the day!
We are storing password as a encryptedText in a custom object but still we have got flagged by salesforce security review. To connect external database we need to store external password in salesforce. By changing visibility to private will solve the issue or shall we explain to security review team about why we are storing will they approve? Please advise.
<fields> <fullName>Password__c</fullName> <deprecated>false</deprecated> <externalId>false</externalId> <inlineHelpText>What is the password used by this user to connect to the database?</inlineHelpText> <label>Password</label> <length>30</length> <maskChar>asterisk</maskChar> <maskType>all</maskType> <required>false</required> <trackTrending>false</trackTrending> <type>EncryptedText</type> </fields> ... <sharingModel>ReadWrite</sharingModel> <visibility>Public</visibility> </CustomObject>
See if you can connect with security team and explain same, however you would need to follow instructions mentioned by security team so that your app would be approved sooner. Best suggest would be reaching out security team.
https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review_overview.htm
Thanks,