+ Start a Discussion

Spoofing identity

Hi guys,

I have run the Checkmarx security took against my apex code and I have got half a red circle in the section Problems by Impacts saying "Spoofing identity".

Could anybody please shed some light about how to tackle this.

To give you some more detail about the applicatoin:

It consits of VF pages and components and infrastructure classes. After a user saves an account let say I have some javascript which redirects the user to my page (VF page). On my page I present some information to the user and I have a button "Continue" when the user clicks the button I return the user to his original SalesForce accounts page with that record selected.

During all redirects I am passing the record id parameter in the url.So more technical the process is:

1. user saves an account.

2. My override account controller constructs a redirect url to my custom VF page and includes the account id as url paramter.

3. Must custom page reads the account id and presents some information to the user.

4. User clicks "Continue" and the user gets redirected back to the accounts page.







If you want to know what a spoofing is you can search in on google.. :D

It might be related with the URLs that you might be using in your code,  you can check the following link, where they have mentioned how to prevent different types of attack in Apex and VF.



Your problem might get solved if you check the "Cross Site Scripting" or "Cross-Site Forgery", the provided code in the article can be helpful for you to solve your problem.


Hope this will help you to resolve you problem, if it does plz mark this as solved!!!