Passing record id in URL between two VF pages
Hi guys,
We are developing a managed package which we would like to prepare for a security review.
In the package we have logic in one VF page's controller which returns a PageReference object and redirects to another VF page. We want to be able to pass the record id from the first page to the second page and we are currently doing that by adding the id to the URL as a parameter string.
We have a problem with security review with this approach. I wondered what you would recommend to make that more secure. Probably a session inside of Salesforce or encrypt the id or how?
Thanks,
Kos
Hi Kos,
What is the specific security issue that is being flagged? If the ID you are passing is dynamic, typically it shouldn't be a problem, but a lot also depends on the implementation.
Thanks,
varun
Hi,
You are right, it is not a problem. I just had to make sure that I escape it properly with the escape string function provided by the API when I use it in the where clause of a query.
Now I am getting a different issue: "Spoofing Identity" but that is another story.
Thank you for your reply.
Kos
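The handoff discussed in this thread, as an added example that is not part of the original posts or of the package in question: one controller builds the redirect with the id as a URL parameter, then treats that parameter as untrusted input when the second page reads it back. The class name `RecordHandoffController`, the page name `SecondPage` and the use of `Account` are assumptions made for illustration.

```apex
// Added example. RecordHandoffController, SecondPage and Account are
// hypothetical names. "with sharing" keeps record-level access rules in force,
// so a tampered id cannot return a record the running user may not see.
public with sharing class RecordHandoffController {
    public Id selectedId { get; set; }   // chosen on the first page

    // First page: redirect with the record id as a URL parameter.
    public PageReference goToSecondPage() {
        PageReference next = Page.SecondPage;
        next.getParameters().put('id', String.valueOf(selectedId));
        next.setRedirect(true);
        return next;
    }

    // Parse the URL parameter; returns null unless it is a well-formed
    // Account id. Anything else (blank, junk, other object) is rejected.
    private static Id parseAccountId(String raw) {
        if (String.isBlank(raw)) return null;
        Id parsed;
        try {
            parsed = Id.valueOf(raw);
        } catch (Exception e) {
            return null;                 // not a valid 15/18-character id
        }
        return parsed.getSobjectType() == Account.SObjectType ? parsed : null;
    }

    // Second page, preferred form: static SOQL with a bind variable.
    // The value is never concatenated into the query text.
    public Account getRecord() {
        Id recordId = parseAccountId(
            ApexPages.currentPage().getParameters().get('id'));
        if (recordId == null) return null;
        List<Account> rows =
            [SELECT Id, Name FROM Account WHERE Id = :recordId LIMIT 1];
        return rows.isEmpty() ? null : rows[0];
    }

    // Second page, dynamic SOQL form: if the query must be built as a string,
    // escape the value before placing it inside the quoted literal.
    public Account getRecordDynamic() {
        String raw = ApexPages.currentPage().getParameters().get('id');
        if (parseAccountId(raw) == null) return null;
        String soql = 'SELECT Id, Name FROM Account WHERE Id = \''
            + String.escapeSingleQuotes(raw) + '\' LIMIT 1';
        List<Account> rows = Database.query(soql);
        return rows.isEmpty() ? null : rows[0];
    }
}
```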