**Security Measures for @AuraEnabled Methods:**

To secure @AuraEnabled methods and prevent unauthorized access, follow these measures:

1. **Enforce CRUD/FLS Checks**: Always check Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions before performing data operations.
2. **Use User Mode**: Enforce sharing rules and access control by using user mode. Avoid system mode unless absolutely necessary and justified.
3. **Avoid Returning Sensitive Data**: Do not expose sensitive information like secrets or tokens. If handling sensitive data, ensure it is encrypted or sanitized.
4. **Sanitize Inputs**: Validate and sanitize all inputs to prevent injection attacks, such as SOQL injection or cross-site scripting (XSS).
5. **Restrict Access**: Only use the @AuraEnabled annotation for methods that are essential for your application's functionality.
6. **Document Security Policies**: Clearly document any custom security policies or exceptions for AppExchange security review submissions.

**Security Implications of Exposing Metadata Creation Functionality:**

Exposing metadata creation functionality to package users can pose significant security risks. If not properly restricted, it could allow unauthorized users to modify or create metadata, leading to privilege escalation or unintended system changes. To mitigate these risks:

- Ensure only privileged users, like administrators, have access to this functionality.
- Control access through profiles or permission sets.
- Vet sensitive operations thoroughly.
- Use secure implementation practices, such as protected custom metadata or settings.
- Provide proper documentation for secure usage.

These measures help safeguard against unauthorized access and maintain system integrity while ensuring @AuraEnabled methods are secure.
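
Measures 1 to 4 from the list above applied to a single read method, as an added example that is not code from the original page. The class and method names, the Contact fields, the 80-character limit and the row limit are assumptions, and the org is assumed to run an API version that supports `WITH USER_MODE`.

```apex
// Added example; ContactSearchController and searchContacts are hypothetical names.
public with sharing class ContactSearchController {

    // Weak form, kept as a comment for comparison. The query runs in system
    // mode, so CRUD and FLS are not checked, and the caller's input is
    // concatenated straight into the SOQL text.
    //
    //   List<Contact> rows = Database.query(
    //       'SELECT Id, Name, Email FROM Contact WHERE Name LIKE \'%' + term + '%\'');

    @AuraEnabled(cacheable=true)
    public static List<Contact> searchContacts(String term) {
        // Measure 4: validate the input before it is used.
        // The 80-character limit is an assumed business rule.
        if (String.isBlank(term) || term.length() > 80) {
            throw new AuraHandledException('Search term must be 1 to 80 characters.');
        }
        String likeTerm = '%' + term.trim() + '%';

        try {
            // Measures 1 and 2: WITH USER_MODE enforces object permissions,
            // field-level security and sharing rules for the running user.
            // Measure 3: select only the fields the component needs.
            // Measure 4: the bind variable keeps the input out of the query text.
            return [
                SELECT Id, Name, Email
                FROM Contact
                WHERE Name LIKE :likeTerm
                WITH USER_MODE
                LIMIT 50
            ];
        } catch (QueryException e) {
            // Raised when the running user lacks access to Contact or to a
            // selected field. Return a generic message so the client does not
            // learn which field or object was blocked.
            throw new AuraHandledException('You do not have access to this data.');
        }
    }
}
```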