FAQ-000503 - Custom Settings and Configuration Security / Protected Custom Settings vs Other Storage Methods


Current FAQ

Question
What are the differences between restricted encrypted fields and Protected Custom Settings for sensitive data?
Answer
Restricted encrypted fields and protected custom settings have distinct purposes and functionalities for handling sensitive data:

1. **Restricted Encrypted Fields**:
   - Use 128-bit keys and AES encryption.
   - Suitable for sensitive data like credit card numbers or social security numbers.
   - Not recommended for authentication data (e.g., API keys, passwords).
   - Only users with the "View Encrypted Data" permission can see unencrypted values.
2. **Protected Custom Settings**:
   - Designed for sensitive data like authentication credentials.
   - Provide default encryption and are not visible through the UI.
   - More secure for storing authentication data compared to encrypted fields.

In short, restricted encrypted fields are ideal for general sensitive data, while protected custom settings are better for securely storing authentication-related data.

AI Recommended Enhancement

Related Security Rules

- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- AvoidHardcodedCredentialsInHttpHeader
- ProtectSensitiveData
Question
What are the differences between restricted encrypted fields and Protected Custom Settings for sensitive data?
Recommended Answer Update
Restricted encrypted fields and protected custom settings have distinct purposes and functionalities for handling sensitive data:

1. **Restricted Encrypted Fields**:
   - Use 128-bit keys and AES encryption.
   - Suitable for sensitive data like credit card numbers or social security numbers.
   - Not recommended for authentication data (e.g., API keys, passwords).
   - Only users with the "View Encrypted Data" permission can see unencrypted values.
2. **Protected Custom Settings**:
   - Designed for sensitive data like authentication credentials.
   - Provide default encryption and aren't visible through the UI.
   - More secure for storing authentication data compared to encrypted fields.

In short, restricted encrypted fields are ideal for general sensitive data, while protected custom settings are better for securely storing authentication-related data.
Reasoning
The FAQ content is accurate and well-structured. I made one minor textual improvement by changing 'are not visible' to 'aren't visible' to make the tone more conversational as per the brand guidelines. The content effectively explains the differences between these two security features.

For security rule associations:

- ApexSuggestUsingNamedCred: This rule recommends using Named Credentials instead of hardcoded credentials, which directly relates to the FAQ's discussion of protected custom settings for authentication data storage.
- AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInHttpHeader: These rules all prevent hardcoding credentials in various code locations, which relates to the FAQ's explanation that protected custom settings are the proper way to store authentication credentials securely.
- ProtectSensitiveData: This rule directly applies to the FAQ's core topic of protecting sensitive data through proper storage mechanisms like encrypted fields and protected custom settings.
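To make the answer's distinction and the listed rules concrete, here is an added Apex example that is not part of the FAQ or its rule set: the same outbound callout written three ways, first with a hardcoded key (the pattern the AvoidHardcodedCredentials rules flag), then reading the key from a protected hierarchy custom setting, then through a Named Credential as ApexSuggestUsingNamedCred recommends. The setting `Integration_Config__c` with its text field `API_Key__c`, the Named Credential `Partner_API`, and the endpoint are assumed names for illustration.

```apex
// Added example (not from the FAQ). Assumes a protected hierarchy custom setting
// Integration_Config__c with a Text field API_Key__c, and a Named Credential
// named Partner_API; all three are hypothetical names.
public with sharing class PartnerClient {

    // Flagged by AvoidHardcodedCredentialsInVarDecls / ...InHttpHeader: the secret
    // is part of the class body, so it ships with the code, lands in every sandbox
    // and source-control copy, and is readable by anyone who can view Apex.
    public static HttpResponse callWithHardcodedKey() {
        String apiKey = 'PLACEHOLDER_NOT_A_REAL_KEY';  // constructed placeholder value
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://api.example.com/v1/orders');
        req.setMethod('GET');
        req.setHeader('Authorization', 'Bearer ' + apiKey);
        return new Http().send(req);
    }

    // Better: the key is stored in a protected custom setting. As the FAQ notes,
    // protected settings are not exposed through the UI, and the value is never
    // present in the code itself. getOrgDefaults() reads the org-level record of a
    // hierarchy setting; a missing value is treated as a configuration error.
    public static HttpResponse callWithProtectedSetting() {
        Integration_Config__c cfg = Integration_Config__c.getOrgDefaults();
        if (cfg == null || String.isBlank(cfg.API_Key__c)) {
            throw new IntegrationException('Integration_Config__c.API_Key__c is not set');
        }
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://api.example.com/v1/orders');
        req.setMethod('GET');
        req.setHeader('Authorization', 'Bearer ' + cfg.API_Key__c);
        return new Http().send(req);
    }

    // Best for callouts (ApexSuggestUsingNamedCred): the Named Credential holds the
    // secret and the platform adds the Authorization header, so Apex never handles
    // the key at all and there is nothing to leak from debug logs or code.
    public static HttpResponse callWithNamedCredential() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Partner_API/v1/orders');
        req.setMethod('GET');
        return new Http().send(req);
    }

    public class IntegrationException extends Exception {}
}
```

The first method is what the hardcoded-credential rules detect in a scan; the second and third are the remediations the FAQ and ApexSuggestUsingNamedCred point to, with the Named Credential form preferred whenever the secret exists only to authenticate an HTTP callout.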