FAQ-001338 - Package Design and Architecture Security / Component Architecture and Data Flow Security

When designing component architecture and data flow in managed packages, consider these security aspects: **Component Property Security:** When component properties are derived internally but passed from external sources, potential risks include: - Injection attacks leading to vulnerabilities like cross-site scripting (XSS) or SQL injection - Data manipulation by external sources to exploit the system - Unauthorized access to sensitive data **Mitigation Strategies:** - Sanitize and validate all inputs, even if they originate internally but are influenced by external sources - Enforce proper Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) checks using modern approaches like `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods - Avoid unsafe data binding by not binding user-controlled data directly to unsafe attributes - Use secure coding practices, leverage sanitization libraries, and adhere to strict Content Security Policies (CSP) **Large-Scale Architecture Security:** For large-scale custom object architectures: - Implement comprehensive CRUD/FLS checks throughout the system - Use `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods to automatically enforce security permissions - Document and address all sharing violations on a case-by-case basis (note that sharing violations in batch classes and custom objects may be acceptable, but DML operations involving standard objects with sharing violations will likely fail review) - Store sensitive data securely, such as in protected custom settings or custom metadata - Review and document any external integrations to ensure they comply with security standards **Secure File Transfer and Data Rendering:** For large file transfers or data rendering from client-side components: - Use secure protocols like HTTPS with encryption to protect data in transit - Serve all client-side scripts statically from the package's static resources folder - Avoid dynamically loading third-party scripts or data from external sources - Always validate and sanitize user inputs to prevent vulnerabilities **External Client Application Architecture:** The recommended architecture for external client applications depends on your specific business use case. Evaluate your requirements to decide whether to use external client applications or connected apps. For detailed guidance, refer to the External Client Apps documentation.

The FAQ covers comprehensive security practices for managed package architecture, and I've made targeted improvements while preserving all existing points: 1. **Security approach modernization**: Updated the CRUD/FLS enforcement guidance to lead with modern approaches (`WITH USER_MODE` and `AccessLevel.USER_MODE`) while maintaining the existing structure and information. This aligns with the security guidelines to prioritize modern features. 2. **Protocol correction**: Changed 'SFTP' to 'HTTPS' in the file transfer section, as HTTPS is the standard secure protocol for web-based file transfers in Salesforce contexts, while SFTP is primarily for server-to-server file transfers. 3. **Metadata terminology**: Updated 'protected custom settings' to include 'custom metadata' as both are secure storage options, with custom metadata being the more modern approach. The selected security rules directly relate to the FAQ content: - **ApexCRUDViolation & ApexSharingViolations**: FAQ discusses CRUD/FLS checks and sharing violations extensively - **ApexSOQLInjection**: FAQ mentions SQL injection risks and input validation - **ApexXSSFromEscapeFalse & ApexXSSFromURLParam**: FAQ covers XSS prevention and input sanitization - **ApexBadCrypto**: FAQ mentions encryption for data protection - **ApexInsecureEndpoint & AvoidInsecureHttpRemoteSiteSetting**: FAQ discusses secure protocols and external integrations - **ApexSuggestUsingNamedCred**: FAQ covers external integrations requiring secure credential management - **ProtectSensitiveData**: FAQ emphasizes secure storage of sensitive data - **AvoidHardcodedCredentialsInFieldDecls & AvoidHardcodedCredentialsInVarDecls**: FAQ mentions secure storage practices that relate to avoiding hardcoded credentials These changes improve technical accuracy and align with modern Salesforce security practices while maintaining the FAQ's comprehensive coverage and structure.