Afrose Ahamed

Managed Package Insecure Storage of Sensitive Data Vulnerability Issue

Hi All,
Greetings of the day! 
We are storing the password as an encryptedText in a custom object, but we have still been flagged by the Salesforce security review. To connect to an external database we need to store the external password in Salesforce. Will changing the visibility to private solve the issue, or shall we explain to the security review team why we are storing it, and will they approve? Please advise.

 

    <fields>
        <fullName>Password__c</fullName>
        <deprecated>false</deprecated>
        <externalId>false</externalId>
        <inlineHelpText>What is the password used by this user to connect to the database?</inlineHelpText>
        <label>Password</label>
        <length>30</length>
        <maskChar>asterisk</maskChar>
        <maskType>all</maskType>
        <required>false</required>
        <trackTrending>false</trackTrending>
        <type>EncryptedText</type>
    </fields>
    ...
    <sharingModel>ReadWrite</sharingModel>
    <visibility>Public</visibility>
</CustomObject>
Best Answer chosen by Afrose Ahamed
Vinay (Salesforce Developers)
Hi Afrose,

See if you can connect with the security team and explain the same; however, you would need to follow the instructions mentioned by the security team so that your app is approved sooner. The best suggestion would be reaching out to the security team.

https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review_overview.htm

Thanks,
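
A pre-submission check for the kind of finding discussed in this thread, as an added example that is not part of the original posts or of Salesforce's own tooling: it parses object metadata and lists credential-looking fields together with the object's visibility and sharing model. The sample is constructed from the posted fields; the `CustomObject` root with its namespace, the `Host__c` field and the name pattern are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the fields from the post wrapped in a CustomObject root.
# The root element, its namespace and Host__c are assumptions; the post elides that part.
SAMPLE = """<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
    <fields>
        <fullName>Password__c</fullName>
        <label>Password</label>
        <length>30</length>
        <maskChar>asterisk</maskChar>
        <maskType>all</maskType>
        <type>EncryptedText</type>
    </fields>
    <fields>
        <fullName>Host__c</fullName>
        <label>Host</label>
        <type>Text</type>
    </fields>
    <sharingModel>ReadWrite</sharingModel>
    <visibility>Public</visibility>
</CustomObject>"""

# Hypothetical naming heuristic for fields that probably hold a credential.
SECRET_HINT = re.compile(r"passw(or)?d|secret|token|api_?key", re.I)

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return one finding per field whose name or label looks like a credential."""
    root = ET.fromstring(xml_text)
    # Object-level settings (visibility, sharingModel) apply to every field.
    top = {local(c.tag): (c.text or "").strip() for c in root if local(c.tag) != "fields"}
    findings = []
    for field in (c for c in root if local(c.tag) == "fields"):
        props = {local(p.tag): (p.text or "").strip() for p in field}
        if SECRET_HINT.search(props.get("fullName", "") + " " + props.get("label", "")):
            findings.append({
                "field": props.get("fullName"),
                "type": props.get("type"),
                "visibility": top.get("visibility"),
                "sharingModel": top.get("sharingModel"),
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```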