Document Tab Audit Trail
Do we have an audit trail or history in the Documents Tab? I am currently adding a link in the documents tab that will allow user to view or print the company forms stored in our server. I am thingking if it is possible to create an audit trail that will monitor which user viewed or accessed or print that particular form. Does someone have an idea?
Many Many thanks!
Accessing documents on internal network through link pasted into field on page detail
Spammer Using Forms
We have a spammer that has got a hold of our web-to-lead form and is submitting false leads. I ran a test to determine that it is not being submitted from our server. Is there a way I can filter leads so they only come from our server? Or any other solution?
Error decrypting string:
Hi I am trying to use CLI to encrypt password and decrypt the same.
I tried following :
encrypt -g anil
and it returned : 291988e8b2ff083d
Now when I tried to decrypt the same using following command: -
encrypt -v 291988e8b2ff083d anil
Now it is throwing following error: -
Error decrypting string: 291988e8b2ff083d, error: Given final block not properly padded
Can any one tell me what wrong I did.
Authentication mechanism using HTTPS post
I have a basic question around security when it comes to integration using web-links. Take a very typical web-link integration example wherein a visualforce page in SFDC has a link/button that has a URL to another internal/external application. When user clicks on the link/button, the visualforce page will make an HTTPS POST to the other application passsing certain hidden parameters like username,email,sessionid,orgid,etc. The other application will use this information to authenticate the user in their system and respond with the appropriate page.
Since this was not very secure, an added functionality that we used here in order to make it a more robust and secure is a web service call back to SFDC. For e.g. the other application upon receiving the HTTPS request from SFDC will make a web service call to SFDC (custom apex web service) and pass the same values that was sent over by SFDC to the other app.SFDC web service will then authenticate the request based on username and email address and orgid and then return a true or false.
The question is: How secure is this kind of "authentication" mechanism. This is not a true SSO, but appears to be like one. How can we make this kind of authentication more robust without having to enable SAML or SSO? What are the best preactices for an integration using HTTPS post?
Administer only 1 profile and it's users.
Please forgive the naive question but aay I have Profile A - System Admins.... Profile B - System Admins.. How do I give Profile A the capability to perform full admin of Profile A and all it's users without also giving the capability to perform admin over profile B?
Security Tech talk
Attachment security & IsPrivate
We have some strange effects with respect to attachments. They don't seem to behave like a normal object, which is both concerning and limiting. The problem is:
Users are normally restricted to the objects they own and those which are shared with them through the sharing settings. We have shared some of our objects on the basis of roles such that a user can see the records of another in the same department. What we are finding however is the following:
- Attachments can be viewed regardless of whether they have access to the parent record
- Attachments can be found and opened in the quick search even if they have no access to the parent record (most disturbing)
The work around to this is apparently to set the IsPrivate flag, however:
- If you set the IsPrivate flag it doesn't respect the normal sharing settings of the parent object (i.e. it is restricted only to the creator of the attachment.)
- If you set the IsPrivate flag you can't open the attachment but the attachment is still listed in searches (you just get an insufficient privileges error)
- If you don't set the IsPrivate flag any user can see any attachment if they search for something obvious like 'pdf'
Is there a workaround? Is there another setting I should look at? Is the security for attachments just broken?
Thanks for any assistance.
How to fix System.currentPageReference().getParameters().get('objtype')
In one of my application security scanner show the following line have problem .how to fix this type of line in apex controller.