FAQ-001206 - Managed Package Security Constraints / Managed Object Security


Current FAQ

Question
What are acceptable approaches for managing security on managed objects within the application context?
Answer
Here are acceptable approaches for managing security on managed objects within the application context:

1. **Encryption of Sensitive Data**: Use triggers to encrypt sensitive fields (e.g., credentials the package must present to an external system) before insertion and decrypt them only when needed. Write the ciphertext to a separate field, clear the plaintext field, and keep the AES key in a protected custom setting rather than in Apex source (a hardcoded key or IV is what ApexBadCrypto flags). Passwords that users authenticate with should be hashed, not reversibly encrypted.

2. **Protected Custom Settings**: Store secrets such as API keys in protected custom settings; in a managed package these are readable only by Apex in the package namespace, not by subscriber administrators through Setup or the API. Provide a custom UI for subscribers to enter and manage credentials, so the values never appear in source or in unprotected configuration.

3. **CRUD/FLS Enforcement**: Apex runs in system mode by default, so the running user's object and field permissions are not enforced automatically. Explicitly check Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions using `Schema.sObjectType` describe results (`isAccessible()`, `isCreateable()`, `isUpdateable()`, `isDeletable()`) before performing DML operations, or use `Security.stripInaccessible` to remove fields the user cannot access instead of failing the whole operation.

4. **User Mode for DML Operations**: Run DML in user mode (`insert as user records`, or `Database.insert(records, AccessLevel.USER_MODE)`) so that object-level permissions, field-level permissions and sharing rules of the logged-in user are enforced on the operation.

5. **Custom Metadata for Secure Storage**: Protected custom metadata types suit configuration-level secrets (e.g., an API key or endpoint setting) that only Apex in the package namespace should read; retrieve them with `getInstance()` or SOQL and, where the stored value must itself be protected at rest, apply AES encryption/decryption with the `Crypto` class. Per-record sensitive data such as Social Security Numbers is record data, not metadata, and belongs in an encrypted field (point 1) or under Shield Platform Encryption.

6. **Session Management**: Invalidate sessions on logout rather than leaving them live, never expose session IDs in URLs, page output or debug logs, and use short-lived tokens rather than session IDs for authentication hand-offs and redirects.

7. **Secure Coding Practices**: Prevent SOQL injection by using bind variables (reserving `String.escapeSingleQuotes` for the rare case where concatenation is unavoidable), prevent CSRF by never performing DML in a page's load action or controller constructor, and avoid logging or echoing sensitive data. Use static analysis (the security rules linked on this page) together with manual review to identify and address issues.

8. **Named Credentials**: Use named credentials for callouts (`callout:Name/path`) so that endpoint URLs and authentication are configured by the subscriber in Setup during or after installation and are never hardcoded in Apex.

These practices collectively enhance security and ensure compliance with best practices.

AI Recommended Enhancement

Related Security Rules

- ApexBadCrypto
- ApexCRUDViolation
- ApexCSRF
- ApexSOQLInjection
- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- ProtectSensitiveData
Question
What are acceptable approaches for managing security on managed objects within the application context?
Recommended Answer Update
Here are acceptable approaches for managing security on managed objects within the application context:

1. **Encryption of Sensitive Data**: Use triggers to encrypt sensitive fields (e.g., credentials the package must present to an external system) before insertion and decrypt them only when needed. Write the ciphertext to a separate field, clear the plaintext field, and keep the AES key in a protected custom setting rather than in Apex source (a hardcoded key or IV is what ApexBadCrypto flags). Passwords that users authenticate with should be hashed, not reversibly encrypted.

2. **Protected Custom Settings**: Store secrets such as API keys in protected custom settings; in a managed package these are readable only by Apex in the package namespace, not by subscriber administrators through Setup or the API. Provide a custom UI for subscribers to enter and manage credentials, so the values never appear in source or in unprotected configuration.

3. **CRUD/FLS Enforcement**: Apex runs in system mode by default, so the running user's permissions are not enforced unless you ask for it. For SOQL queries, use `WITH USER_MODE` to enforce object-level and field-level permissions automatically. For Database methods, use `AccessLevel.USER_MODE` (e.g., `Database.query(soql, AccessLevel.USER_MODE)`). You can also explicitly check Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions using `Schema.sObjectType` describe results (`isAccessible()`, `isCreateable()`, `isUpdateable()`, `isDeletable()`) before performing DML operations, or use `Security.stripInaccessible` to remove fields the user cannot access instead of failing the whole operation.

4. **User Mode for DML Operations**: Run DML in user mode (`insert as user records`, or `Database.insert(records, AccessLevel.USER_MODE)`) so that object-level permissions, field-level permissions and sharing rules of the logged-in user are enforced on the operation.

5. **Custom Metadata for Secure Storage**: Protected custom metadata types suit configuration-level secrets (e.g., an API key or endpoint setting) that only Apex in the package namespace should read; retrieve them with `getInstance()` or SOQL and, where the stored value must itself be protected at rest, apply AES encryption/decryption with the `Crypto` class. Per-record sensitive data such as Social Security Numbers is record data, not metadata, and belongs in an encrypted field (point 1) or under Shield Platform Encryption.

6. **Session Management**: Invalidate sessions on logout rather than leaving them live, never expose session IDs in URLs, page output or debug logs, and use short-lived tokens rather than session IDs for authentication hand-offs and redirects.

7. **Secure Coding Practices**: Prevent SOQL injection by using bind variables (reserving `String.escapeSingleQuotes` for the rare case where concatenation is unavoidable), prevent CSRF by never performing DML in a page's load action or controller constructor, and avoid logging or echoing sensitive data. Use static analysis (the security rules linked on this page) together with manual review to identify and address issues.

8. **Named Credentials**: Use named credentials for callouts (`callout:Name/path`) so that endpoint URLs and authentication are configured by the subscriber in Setup during or after installation and are never hardcoded in Apex.
These practices collectively enhance security and ensure compliance with best practices.
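Added example for points 3, 4 and 7 of the answer above (both the current and the recommended version). This is illustrative code written for this page, not code from the FAQ or from any Salesforce package. It assumes a hypothetical custom object `Vendor__c` with fields `Name`, `Api_Base_Url__c` and `Notes__c`, and shows a system-mode query built by string concatenation beside its hardened forms: a static query with a bind variable and `WITH USER_MODE`, a dynamic query run with `AccessLevel.USER_MODE`, user-mode DML, the explicit `Schema` describe checks, and `Security.stripInaccessible`.

```apex
// Added example (not from the FAQ). Assumes a custom object Vendor__c with
// fields Name, Api_Base_Url__c and Notes__c.
public with sharing class VendorService {

    public class AccessException extends Exception {}

    // VULNERABLE (before): system-mode query built by concatenation.
    // Apex ignores the caller's CRUD/FLS here (ApexCRUDViolation), and a filter
    // such as  x%' OR Name != '  breaks out of the literal (ApexSOQLInjection).
    public static List<Vendor__c> searchUnsafe(String nameFilter) {
        String soql = 'SELECT Id, Name, Api_Base_Url__c, Notes__c FROM Vendor__c '
                    + 'WHERE Name LIKE \'%' + nameFilter + '%\'';
        return Database.query(soql);
    }

    // HARDENED: bind variable + WITH USER_MODE. The value is passed to the query
    // engine, not parsed as SOQL, so % or _ in the input only widen the match.
    // The query throws a QueryException if the running user lacks read access to
    // Vendor__c or to any selected field.
    public static List<Vendor__c> search(String nameFilter) {
        String pattern = '%' + nameFilter + '%';
        return [SELECT Id, Name, Api_Base_Url__c, Notes__c
                FROM Vendor__c
                WHERE Name LIKE :pattern
                WITH USER_MODE];
    }

    // HARDENED, dynamic SOQL: the field list comes from an allow-list (never from
    // the caller verbatim), the filter is still a bind variable, and
    // AccessLevel.USER_MODE enforces CRUD/FLS for the caller.
    public static List<Vendor__c> searchDynamic(String nameFilter, Set<String> requestedFields) {
        Set<String> allowed = new Set<String>{ 'Name', 'Api_Base_Url__c', 'Notes__c' };
        List<String> fields = new List<String>{ 'Id' };
        for (String f : requestedFields) {
            if (allowed.contains(f)) {
                fields.add(f);
            }
        }
        String pattern = '%' + nameFilter + '%';
        String soql = 'SELECT ' + String.join(fields, ', ')
                    + ' FROM Vendor__c WHERE Name LIKE :pattern';
        return Database.query(soql, AccessLevel.USER_MODE);
    }

    // User-mode DML: throws a DmlException if the user cannot update Vendor__c
    // or lacks edit access to Notes__c, and respects sharing on the target row.
    public static void updateNotes(Id vendorId, String notes) {
        Vendor__c v = new Vendor__c(Id = vendorId, Notes__c = notes);
        Database.update(v, AccessLevel.USER_MODE);
    }

    // Explicit describe checks: the pre-user-mode pattern. Still correct, and
    // useful when you want to fail before any DML runs or give a specific message.
    public static void updateNotesWithChecks(Id vendorId, String notes) {
        if (!Schema.SObjectType.Vendor__c.isUpdateable()
            || !Schema.SObjectType.Vendor__c.fields.Notes__c.isUpdateable()) {
            throw new AccessException('Insufficient access to update Vendor__c.Notes__c');
        }
        update new Vendor__c(Id = vendorId, Notes__c = notes);
    }

    // Field-stripping alternative: silently drop fields the user may not update
    // instead of failing the whole operation. getRemovedFields() reports what was
    // stripped (object name -> field names) if you want to surface it.
    public static List<Vendor__c> sanitizeForUpdate(List<Vendor__c> records) {
        SObjectAccessDecision decision = Security.stripInaccessible(AccessType.UPDATABLE, records);
        return (List<Vendor__c>) decision.getRecords();
    }
}
```

The `with sharing` keyword only controls record visibility (sharing rules); it does nothing for CRUD/FLS, which is why every method above either runs in user mode or checks describe results itself.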
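Added example for points 1 and 2 of the answer above (both versions), and for the key-handling half of point 5. This is illustrative code written for this page, not code from the FAQ or from any Salesforce package. It assumes a hypothetical protected hierarchy custom setting `Crypto_Config__c` with a text field `Key__c` (base64-encoded AES key), and a hypothetical custom object `External_Account__c` with an input field `Password__c` and a storage field `Encrypted_Password__c`. The key is generated on the platform and read from the protected setting at runtime, so no key or IV ever appears in source.

```apex
// Added example (not from the FAQ). Assumes:
//  - a protected hierarchy custom setting Crypto_Config__c with text field Key__c;
//  - a custom object External_Account__c with Password__c (plaintext input) and
//    Encrypted_Password__c (ciphertext storage).
// Reversible encryption is only for secrets the package must later present to
// another system; passwords that users authenticate with should be hashed instead.

// File: SecretStore.cls
public with sharing class SecretStore {
    private static final String ALGORITHM = 'AES256';
    private static Blob cachedKey;

    // Returns the package key. It lives in a protected custom setting, readable
    // only by Apex in the package namespace, never in source (ApexBadCrypto flags
    // hardcoded keys and IVs). Lazy creation is shown for brevity; in a real
    // package generate the key once from the subscriber-facing setup UI (point 2).
    private static Blob key() {
        if (cachedKey != null) {
            return cachedKey;
        }
        Crypto_Config__c cfg = Crypto_Config__c.getOrgDefaults();
        if (String.isBlank(cfg.Key__c)) {
            cfg.Key__c = EncodingUtil.base64Encode(Crypto.generateAesKey(256));
            upsert cfg;
        }
        cachedKey = EncodingUtil.base64Decode(cfg.Key__c);
        return cachedKey;
    }

    // encryptWithManagedIV draws a fresh random 16-byte IV per call and prepends
    // it to the ciphertext, so two encryptions of the same value differ.
    public static String encrypt(String plaintext) {
        Blob ct = Crypto.encryptWithManagedIV(ALGORITHM, key(), Blob.valueOf(plaintext));
        return EncodingUtil.base64Encode(ct);
    }

    // Only call this at the moment of use (e.g. just before a callout); never
    // copy the result into a field, a debug log, or a page.
    public static String decrypt(String ciphertextB64) {
        Blob pt = Crypto.decryptWithManagedIV(ALGORITHM, key(),
                                              EncodingUtil.base64Decode(ciphertextB64));
        return pt.toString();
    }
}

// File: ExternalAccountTrigger.trigger
trigger ExternalAccountTrigger on External_Account__c (before insert, before update) {
    for (External_Account__c rec : Trigger.new) {
        // Act only when a new plaintext value was supplied; otherwise the existing
        // ciphertext stays as it is.
        if (String.isNotBlank(rec.Password__c)) {
            rec.Encrypted_Password__c = SecretStore.encrypt(rec.Password__c);
            rec.Password__c = null;   // the plaintext is never persisted
        }
    }
}
```

The `Password__c` input field still briefly holds plaintext in the request that reaches the trigger, so restrict its field-level security to the profiles that must set it and keep it out of reports, list views and field history tracking.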
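Added example for point 8 of the answer above (both versions) and for the configuration use of protected custom metadata in point 5. This is illustrative code written for this page, not code from the FAQ or from any Salesforce package. It assumes a hypothetical Named Credential with developer name `ERP_API`, whose URL and authentication the subscriber configures in Setup, and a hypothetical protected custom metadata type `Integration_Setting__mdt` with fields `Endpoint_Path__c` and `Timeout_Ms__c`. The commented-out line shows the hardcoded-credential pattern the AvoidHardcodedCredentials rules flag; the live code never touches a secret.

```apex
// Added example (not from the FAQ). Assumes:
//  - a Named Credential ERP_API (URL + auth configured by the subscriber);
//  - a protected custom metadata type Integration_Setting__mdt with
//    Endpoint_Path__c (text) and Timeout_Ms__c (number).
public with sharing class ErpClient {

    public class IntegrationException extends Exception {}

    // VULNERABLE (before): a credential in a field declaration. It ships inside
    // the package, is visible to anyone who can read the class, and cannot be
    // rotated by the subscriber (AvoidHardcodedCredentialsInFieldDecls,
    // ApexSuggestUsingNamedCred).
    // private static final String BASIC_AUTH =
    //     'Basic ' + EncodingUtil.base64Encode(Blob.valueOf('svc_user:Pa55w0rd'));

    // HARDENED: the platform resolves callout:ERP_API to the subscriber-configured
    // URL and attaches the configured credential (Basic, OAuth, JWT, ...) at send
    // time. Apex never sees the secret, so there is nothing to leak or log.
    public static HttpResponse fetchVendor(String vendorCode) {
        Integration_Setting__mdt cfg = Integration_Setting__mdt.getInstance('Default');
        if (cfg == null) {
            throw new IntegrationException('Integration_Setting__mdt record "Default" is missing');
        }

        HttpRequest req = new HttpRequest();
        // URL-encode the caller-supplied segment so it cannot alter the path.
        req.setEndpoint('callout:ERP_API' + cfg.Endpoint_Path__c + '/vendors/'
                        + EncodingUtil.urlEncode(vendorCode, 'UTF-8'));
        req.setMethod('GET');
        req.setHeader('Accept', 'application/json');
        req.setTimeout(cfg.Timeout_Ms__c.intValue());

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() >= 400) {
            // Report the status only. Do not log request headers or the response
            // body, which may echo tokens or account details.
            throw new IntegrationException('ERP call failed with HTTP ' + res.getStatusCode());
        }
        return res;
    }
}
```

Because the custom metadata type is protected, the `Endpoint_Path__c` value is readable by this class but not by subscriber administrators; because the Named Credential holds the authentication, rotating the ERP password is a Setup change in the subscriber org with no package upgrade required.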
Reasoning
I updated point 3 to prioritize modern security features as per the FAQ review guidelines. The original content, manually checking CRUD/FLS permissions using Schema.sObjectType, is still accurate and secure, but the guidelines specify to 'prioritize modern features' and 'lead with WITH USER_MODE for SOQL queries and AccessLevel.USER_MODE for Database methods.' I added these modern approaches while preserving the existing manual permission-checking approach.

Regarding security rules: ApexBadCrypto relates to point 1's encryption practices and point 5's AES encryption. ApexCRUDViolation directly relates to point 3's CRUD/FLS enforcement and point 4's user mode operations. ApexCSRF relates to point 7's secure coding practices preventing CSRF vulnerabilities. ApexSOQLInjection relates to point 7's prevention of SOQL injection. ApexSuggestUsingNamedCred directly relates to point 8's recommendation to use named credentials. AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, and AvoidHardcodedCredentialsInVarAssign all relate to points 2 and 8 about securely managing credentials rather than hardcoding them. ProtectSensitiveData relates to points 1, 2, and 5 about protecting sensitive information through encryption and secure storage.