• NileshAspire
  • NEWBIE
  • 0 Points
  • Member since 2012

  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 2
    Replies

HI,

 

The requirement is authentication between webservice and salesforce. 

I have created webservice in .net which is import and export data in excel sheet.

i have built one page which has list of salesforce user in .net, it will display in salesforce(for that i used web tab).

if administrator select one of user from the list and save it.it will save userId,Username and new generated security token in sql server and update that security token in according user record in salesforce. 

when salesforce user request the webservice it will check with username and token.whether this user has permission or not and preceed further.

 

I am getting this issue, when i request webservice from salesforce.

 

Insecure Storage of Sensitive Data Vulnerability

If your application copies and stores sensitive data that originated at salesforce.com, you should take extra precaution. Salesforce.com takes threats to data that originated at their site very seriously, and a data breach or loss could jeopardize your relationship with salesforce.com if you are a partner.

If you must store passwords (including non-Salesforce passwords), note that storing them in plaintext or hashed (such as with the MD5 function) makes your application vulnerable to mass user exploitation if an attacker can get access (even just read-only access) to your database (such as through stealing a backup tape or SQL injection). Although a successful SQL injection or data exposure attack is a huge problem in itself, if the attacker can recover passwords from the data, they cantransparently compromise user accounts on a mass scale.

 

My question is,

if i convert username and token before saving into the sql server, it will solve my problem..?

i would like to inform that, i am using lead data in webservice..

This data also i want to convert it into the mdf before import or export in excel sheet..?

 

Please help me, to solved this issue.

 

Thanks & Regards,

Nilesh Badrakiya

 

HI,

 

The requirement is authentication between webservice and salesforce. 

I have created webservice in .net which is import and export data in excel sheet.

i have built one page which has list of salesforce user in .net, it will display in salesforce(for that i used web tab).

if administrator select one of user from the list and save it.it will save userId,Username and new generated security token in sql server and update that security token in according user record in salesforce. 

when salesforce user request the webservice it will check with username and token.whether this user has permission or not and preceed further.

 

I am getting this issue, when i request webservice from salesforce.

 

Insecure Storage of Sensitive Data Vulnerability

If your application copies and stores sensitive data that originated at salesforce.com, you should take extra precaution. Salesforce.com takes threats to data that originated at their site very seriously, and a data breach or loss could jeopardize your relationship with salesforce.com if you are a partner.

If you must store passwords (including non-Salesforce passwords), note that storing them in plaintext or hashed (such as with the MD5 function) makes your application vulnerable to mass user exploitation if an attacker can get access (even just read-only access) to your database (such as through stealing a backup tape or SQL injection). Although a successful SQL injection or data exposure attack is a huge problem in itself, if the attacker can recover passwords from the data, they cantransparently compromise user accounts on a mass scale.

 

My question is,

if i convert username and token before saving into the sql server, it will solve my problem..?

i would like to inform that, i am using lead data in webservice..

This data also i want to convert it into the mdf before import or export in excel sheet..?

 

Please help me, to solved this issue.

 

Thanks & Regards,

Nilesh Badrakiya