function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

2 Security issues in managed package


SFDC security has found 2 issues in my managed package, where I need some inputs.


1. My first security issue is "Authentication Vulnerability", the webservice that is being called from SFDC is not authenticated. (External WebService does not require authentication). However, our managed package code does pass username and token which are authenticated in the .Net web service we have built. What other authentication is required?


2. "Insecure Storage of Sensitive Data Vulnerability". We store a lot of data in file that came from SFDC. Does that mean, we need to encrypt all those data? What if the data is to be consumed by user manually? As such, SFDC report talks about Storing Secrets, which means to me that it is asking about securing the storage of token that is authenticated. We are already creating hash of token and storing it in database. What else we should do?


Thanks for your comments.