Alba Rivas is a Lead Developer Evangelist at Salesforce and a former Salesforce MVP. In the past, Alba has presented frequently on migrating to Lightning Web Components (LWC); today, she talks about data security on the platform. We chat about some best practices to prevent leaking data or creating dangerous app security vulnerabilities when coding with Apex and with LWC. She also shares some tips and tricks for handling secrets in encryption.
Alba believes every developer should think about data security from the very beginning, and that applying best practices is crucial to building a high-quality application and preventing vulnerabilities and attacks, which could be a big issue for any company.
Show Highlights:
Moving from Visualforce to Lightning Web Components (LWC)
Creating a Trailhead Module
CRUD field level security vs. record level security
The importance of Apex and how it works within SQL queries
How to use schema to check if somebody has access to a record
What the Apex recipes project does and what functions support security
What Apex’s pilot user mode does and what the SOQL injection is for
An example of a successful injection attack and what it does to a web application
What is a cross-site scripting attack?
Lightning Locker vs. content security policy (CSP)
How to enforce security in LWC
Some edge cases LWC developers need to worry about
Tips for securing data back in the database itself and protecting custom metadata
Links:
Visualforce
Trailhead Module
Alba on Twitter: @AlbaSFDC
Alba on LinkedIn: https://www.linkedin.com/in/alba-rivas/
Alba on GitHub: https://github.com/albarivas
Alba’s post on security: https://developer.salesforce.com/blogs/2021/07/security-for-salesforce-developers.html
Connect with Salesforce Developers:
Website: https://www.developer.salesforce.com/
Facebook: https://www.facebook.com/salesforcedevs/
Twitter: https://www.twitter.com/salesforcedevs
LinkedIn: https://www.linkedin.com/showcase/salesforce-developers