• Damon
  • NEWBIE
  • 0 Points
  • Member since 2008

  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 3
    Questions
  • 1
    Replies
Folks,

I'm attempting to use Encrypted Fields and I think I need some guidance on their use in the context of storing passwords for use with a remote web services API.  The situation is this:

I want to add Username and Password fields to the Users object, and I want the password field to appear masked when viewed by other users.  (Masking during input would be nice, but I can live without it.)  Here's the key requirement without which I cannot live, though:  I need my Apex code (executed via an S-Control snippet exposed as a Custom Button) to be able to read the Encrypted Field's value to authenticate successfully against a remote web services API.

Here's the main issue:

The MASKED data is used internally unless the user has "View Encrypted Data" enabled in their profile.

This is a big one.  I can't feasibly add the "View Encrypted Data" privilege to every user's profile; while doing so will ostensibly allow Apex code to access the field's actual value (rather than a masked value), this also makes the field viewable to anyone with access to the relevant record.  This negates any value gained by using the Encrypted Field to store sensitive data (since it becomes visible to everyone with access to the record).

I thought about trying to implement some kind of privileged code execution wherein the Apex code is run as a user with "View Encrypted Data" privileges while the end users do not have this privilege.  That would seem to solve the problem.  Unfortunately, I can't find a way to do this.

In addition, adding the "View Encrypted Data" privilege would likely require creation of a new (custom) profile.  Since these can't be included in application packages, this would represent yet one more manual step required of the users installing a custom application (in addition to, for example, Layout changes and Remote Site Settings for allowing use of a remote web services API).

Have I missed something fundamental here?  Any suggestions or advice would be very welcome.

Thanks,

Damon
  • November 18, 2008
  • Like
  • 0
Hi all,

I'm relatively new to Salesforce development so I apologize in advance if this is an obvious question...  Here's the deal:  I'm using a web services call to integrate with an external application (via Javascript -> APEX) and I need to store authentication credentials within Salesforce.  These credentials are for authentication to the web service and they will be the same for all users within a given Salesforce implementation.  I don't want the administrators to have to enter the same username and password for every User they create so I'm trying to find a way to store the data once and reference it from JavaScript or the APEX classes.  Has anyone done this?

I've search for "global variable", "shared variable", "application-specific configuration", etc. but the results are not useful.  One thought was extending the "Setup" items to include some application-specific data but I can't find a way to do this anywhere.  I even thought about using a Static Resource but that seems unnecessarily cumbersome; I'd have read the file every time a web services call was made.

Any suggestions would be much-appreciated.

Thanks,

Damon
  • October 30, 2008
  • Like
  • 0
Hi all.  I'm working on a project wherein  I need to understand if it's possible to modify built-in fields such that they become links which initiate an external web services call.  I've already got the Apex code in place to make the web services call so that part is working; I added a custom Tab based on an S-Control that calls the relevant class.  What I now need to do is take that from a custom Tab and embed it into an existing Tab.  Specifically, I'd like to modify existing fields so they become JavaScript onClick events which call my Apex class.  Is this possible?  I'm initially targetting the phone number fields within a Contact record.

As an alternative, I would consider adding a custom link that calls my Apex class but I want the link to appear as near as possible to the built-in field so users understand the relationship.  I was thinking of perhaps making the link an image to visually describe the expected action.  I looked at the built-in CTI functionality but it's not really intended for making external web services calls since the embedded URL includes explicit references to "localhost".

Any advice would be much-appreciated.

Thanks!

Damon
  • October 29, 2008
  • Like
  • 0
I need to add a custom field to the "Contact" object which would hold Social Security number. since this is a sensitive info I want it to showup like a password field (<input type="password">) in the contact form. how this can be done?

Thanks,
Bijan

  • October 22, 2008
  • Like
  • 0