What are the best practices for Flow design to avoid system mode security issues?
Answer
To avoid system mode security issues in Flow design, here are some best practices:
1. **Use User Mode Where Possible**: Run flows in user context (via the flow's run-mode setting) or run the individual data elements in user mode, so that object permissions (CRUD), field-level security (FLS) and record sharing are enforced for the running user. A flow in system context ignores CRUD and FLS, and "System Context Without Sharing" ignores record sharing as well.
2. **Limit Guest User Access**: Keep the org-wide "Secure Guest User Record Access" setting enabled so that guest users get private organization-wide defaults, and do not expose flows that run in system context to guest users unless the records they touch are intended to be public.
3. **Implement CRUD/FLS Checks**: In Apex actions and invocable methods called from flows, enforce object and field permissions explicitly (for example with `WITH USER_MODE` on SOQL, `AccessLevel.USER_MODE` on DML, or `Security.stripInaccessible`) rather than relying on the calling flow's run mode.
4. **Avoid Hardcoding Sensitive Data**: Keep API keys and other secrets out of flow variables, formulas and Apex source; use Named Credentials for callout authentication and store other sensitive configuration in protected custom settings or metadata.
5. **Validate Inputs**: Validate all user inputs, including screen inputs and values passed into Apex actions, against allowlisted values and strict constraints, and never concatenate flow input into dynamic SOQL; use bind variables instead.
6. **Secure Record Access**: Respect the organization's sharing model; avoid "System Context Without Sharing" on the flow and "without sharing" on the Apex classes it calls unless absolutely necessary.
7. **Use HTTPS for Callouts**: Ensure every callout to an external integration, whether from an Apex action or an HTTP Callout action, uses an https:// endpoint.
8. **Document Justifications**: Document and review any use of system mode or other exceptions during the security assessment.
Following these practices helps mitigate security risks in flows.
What are the best practices for Flow design to avoid system mode security issues?
Recommended Answer Update
To avoid system mode security issues in Flow design, here are some best practices:
1. **Use User Mode Where Possible**: Run flows in user context (via the flow's run-mode setting) or run the individual data elements in user mode, so that object permissions (CRUD), field-level security (FLS) and record sharing are enforced for the running user. A flow in system context ignores CRUD and FLS, and "System Context Without Sharing" ignores record sharing as well.
2. **Limit Guest User Access**: Keep the org-wide "Secure Guest User Record Access" setting enabled so that guest users get private organization-wide defaults, and do not expose flows that run in system context to guest users unless the records they touch are intended to be public.
3. **Implement CRUD/FLS Checks**: In Apex actions and invocable methods called from flows, enforce object and field permissions explicitly (for example with `WITH USER_MODE` on SOQL, `AccessLevel.USER_MODE` on DML, or `Security.stripInaccessible`) rather than relying on the calling flow's run mode.
4. **Avoid Hardcoding Sensitive Data**: Keep API keys and other secrets out of flow variables, formulas and Apex source; use Named Credentials for callout authentication and store other sensitive configuration in protected custom settings or custom metadata types.
5. **Validate Inputs**: Validate all user inputs, including screen inputs and values passed into Apex actions, against allowlisted values and strict constraints, and never concatenate flow input into dynamic SOQL; use bind variables instead.
6. **Secure Record Access**: Respect the organization's sharing model; avoid "System Context Without Sharing" on the flow and "without sharing" on the Apex classes it calls unless absolutely necessary.
7. **Use HTTPS for Callouts**: Ensure every callout to an external integration, whether from an Apex action or an HTTP Callout action, uses an https:// endpoint.
8. **Document Justifications**: Document and review any use of system mode or other exceptions during the security assessment.
Following these practices helps mitigate security risks in flows.
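As an added example (not part of the original FAQ and not Salesforce product code), the Apex action below shows points 1, 3, 4, 5 and 6 working together in an invocable method that a flow can call safely even when the flow itself runs in system context. The class and method names, the custom field `Region__c`, the region allowlist and the named credential `Partner_API` are all assumptions made for illustration.

```apex
// Added example: an invocable Apex action hardened against the issues in the FAQ.
// Assumed names (hypothetical): SecureAccountLookupAction, Account.Region__c,
// the allowlisted region codes, and the named credential "Partner_API".
public with sharing class SecureAccountLookupAction {   // with sharing: respects record sharing (point 6)

    public class Request {
        @InvocableVariable(required=true label='Region')
        public String region;                             // raw value passed in from the flow
    }

    public class Result {
        @InvocableVariable(label='Matching Account Ids')
        public List<Id> accountIds;
    }

    @InvocableMethod(label='Look Up Accounts By Region' category='Security Examples')
    public static List<Result> lookUp(List<Request> requests) {
        // Point 5: allowlist the flow input instead of trusting whatever the screen passed in.
        Set<String> allowedRegions = new Set<String>{ 'NA', 'EMEA', 'APAC' };
        List<Result> results = new List<Result>();

        for (Request req : requests) {
            if (req.region == null || !allowedRegions.contains(req.region)) {
                // Surfaces on the flow's fault path rather than silently querying with bad input.
                throw new IllegalArgumentException('Unsupported region: ' + req.region);
            }

            // Anti-pattern (shown only for contrast, deliberately not executed):
            //   String soql = 'SELECT Id FROM Account WHERE Region__c = \'' + req.region + '\'';
            //   List<Account> rows = Database.query(soql);
            // Concatenation makes the query injectable, and without a user-mode clause it
            // runs with system-mode CRUD/FLS, so a system-context flow would see everything.

            // Points 3 and 5: bind variable (no string concatenation) plus WITH USER_MODE, so
            // object, field and sharing checks are enforced for the running user regardless of
            // how the calling flow is configured to run.
            List<Account> accounts = [
                SELECT Id FROM Account WHERE Region__c = :req.region WITH USER_MODE
            ];

            Result res = new Result();
            res.accountIds = new List<Id>();
            for (Account a : accounts) {
                res.accountIds.add(a.Id);
            }
            results.add(res);
        }
        return results;
    }

    // Point 3 on the write side: DML in user mode fails if the running user lacks
    // create/edit access to the object or any field being written.
    public static void saveInUserMode(List<Account> toUpsert) {
        Database.upsert(toUpsert, AccessLevel.USER_MODE);
    }

    // Points 4 and 7: no API key in source, no hard-coded http:// URL. The named
    // credential "Partner_API" (assumed) holds the endpoint and the auth secret,
    // and the platform injects the credentials into the callout.
    public static HttpResponse notifyPartner(Id accountId) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Partner_API/accounts/' + accountId);
        req.setMethod('POST');
        return new Http().send(req);
    }
}
```

Two design choices are worth noting. First, the action validates and enforces permissions itself instead of assuming the flow runs in user context; a flow administrator can later switch the flow to "System Context Without Sharing" and the Apex still behaves correctly. Second, rejecting bad input with an exception pushes the failure onto the flow's fault connector, where it is visible and auditable, rather than degrading into an empty or over-broad query.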
Reasoning
The FAQ content is accurate and comprehensive. I made one minor refinement to improve clarity: changed "protected custom settings or metadata" to "protected custom settings or custom metadata types" to be more specific about Salesforce terminology. This provides clearer guidance on secure storage options.
Regarding security rules selection:
- ApexCRUDViolation: Directly relates to point 3 about implementing CRUD/FLS checks in Apex actions used within flows
- ApexSharingViolations: Corresponds to point 6 about respecting sharing models and avoiding "without sharing"
- ApexInsecureEndpoint: Relates to point 7 about using HTTPS for external integrations
- AvoidHardcodedCredentialsInFieldDecls and AvoidHardcodedCredentialsInVarDecls: Both relate to point 4 about avoiding hardcoded sensitive data like API keys
- ApexSOQLInjection: Connects to point 5 about validating inputs to prevent injection vulnerabilities
- PreventPassingUserDataIntoElementWithoutSharing: Specifically addresses Flow security concerns mentioned in point 6 about sharing model respect and the overall system mode security focus of the FAQ