Just in 5 points. Why you should attend Dreamforce?

So here I am. Two years ago, in my college days, I started learning Salesforce and was introduced to a grand event called Dreamforce; at that time I used to watch the live stream of the keynotes. Since then it has been one of my dreams to attend Dreamforce.

After patiently waiting for 2 years, this year I am going to Dreamforce! Yes, just after completing a one in Industry [thanks to my employer for considering me :)].

In this blog post I am going to share my views in just 5 points: why should you attend Dreamforce?

So let me start:

1. You will get to learn new things. Choose your path: if you are a developer, go for the developer sessions, and if you are more on the admin side, attend the administrative sessions.

This time I have decided to give a large part of my time to developer sessions. If you are looking to learn more and enhance your skills, just look at these sessions:

http://www.salesforce.com/dreamforce/DF14/sessions.jsp#?search=blank&role=Developer&product=blank&industry=blank   

2. The keynotes: attend these to get an idea of the vision and new products of Salesforce.

3. Meet your clients and faraway friends who are generally on the other side of your machine, and have fun. :)

4. It's a great time to get trained and certified. Salesforce provides huge discounts on training and certification.

5. Attend the cloud expo and get your hands on all the Salesforce products and solutions. You can interact with Salesforce products firsthand and hear success stories shared by salesforce.com customers. Stop by and check out the latest features, connected devices, and interactive demos.

 See you soon at Dreamforce !

Securing your force.com app

Building an app on Force.com is great, but developing a secure Force.com app is a somewhat different matter.

The following guidelines, tips and tricks can help your app pass the Force.com security review.

 

  1. Parameter Tampering Issue.

This happens when a value sent from a Visualforce page is stored in a variable and used throughout the controller. When that value is then used in a query, it may result in database tampering.

 

Example :

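// The id parameter is copied into a variable and then used in the query
String vid = ApexPages.currentPage().getParameters().get('id');
Account acc = [select id, name from account where id = :vid limit 1];

Solution:

// The id parameter is read directly where the query binds it
Account acc = [select id, name from account where id = :ApexPages.currentPage().getParameters().get('id') limit 1];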

 

 

  2. Second Order SOQL and SOSL Injection.

SOQL injection involves taking user-supplied input and using those values in a dynamic SOQL query. If the input is not validated, it may include SOQL commands that effectively modify the SOQL statement and trick the application into performing unintended commands.

Solution 1: Avoid using dynamic SOQL/SOSL queries.

 

Solution 2:

 

Example :

 

Folio__c fo = [select id, name from Folio__c where Transaction__r.Id = :sr.Transaction__r.Id AND id != null LIMIT 1];

Can be changed into:

Folio__c fo = [select id, name from Folio__c where Transaction__r.Id = :String.escapeSingleQuotes(sr.Transaction__r.Id) AND id != null LIMIT 1];
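How the two solutions above look when a stored value reaches a dynamic query, shown as an added example that is not code from the original post. It goes slightly beyond the Folio__c case: the class and method names are hypothetical, and it uses the standard Account and Contact objects so that it compiles in any org.

```apex
// Hypothetical class, added for illustration only.
public with sharing class ContactLookup {

    // Vulnerable: a.Name was saved earlier by some user (second order) and is
    // concatenated into the query text, so a quote inside it ends the string
    // literal and the rest of the value is parsed as SOQL.
    public static List<Contact> unsafeLookup(Id accountId) {
        Account a = [SELECT Name FROM Account WHERE Id = :accountId LIMIT 1];
        String q = 'SELECT Id, LastName FROM Contact WHERE Account.Name = \''
                 + a.Name + '\' LIMIT 50';
        return Database.query(q);
    }

    // Solution 1: static SOQL with a bind variable. The value is passed as
    // data and is never parsed as query text.
    public static List<Contact> staticLookup(Id accountId) {
        Account a = [SELECT Name FROM Account WHERE Id = :accountId LIMIT 1];
        String accountName = a.Name;
        return [SELECT Id, LastName FROM Contact
                WHERE Account.Name = :accountName LIMIT 50];
    }

    // Solution 2: the query has to stay dynamic, so the stored value is
    // escaped before it is placed between the quotes.
    public static List<Contact> escapedLookup(Id accountId) {
        Account a = [SELECT Name FROM Account WHERE Id = :accountId LIMIT 1];
        String safeName = String.escapeSingleQuotes(a.Name);
        String q = 'SELECT Id, LastName FROM Contact WHERE Account.Name = \''
                 + safeName + '\' LIMIT 50';
        return Database.query(q);
    }
}
```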

 

 

 

 

  3. Queries with No Where or No Limit Clause

Apex has governor limits in place that limit the number of records that can be retrieved through a SOQL query. This issue is reported for SOQL queries in the Apex code that have neither a WHERE clause nor a LIMIT clause to restrict the number of records retrieved.

Solution: Apply a LIMIT; if it is not possible to use a limit, use a WHERE clause.

The WHERE clause can be a null check on the id field:

List<Account> accq = [select id, name from account where id != null];

 

  4. Sharing with controller

By default Apex can read and update all data and does not care about FLS, OWD or profile permissions. We must take care of all of these from the developer's side. If no sharing setting is defined on the controller, this may cause a security issue.

Solution:

Use "public with sharing class className".

 

  5. FLS Create / FLS Partial Create / FLS Update / FLS Partial Update:

While creating/inserting/updating a record, the Apex code must check whether the user has sufficient privileges to insert/update the record.

 

 

Example:

 

// No field-level security check before the insert
OrderPayment__c op = new OrderPayment__c();
op.Payment_Amount__c = grandtotal;
op.Collection_Date__c = Date.valueOf(System.now());
op.Collection__c = true;
insert op;

 

Solution :

 

OrderPayment__c op = new OrderPayment__c();
op.Payment_Amount__c = grandtotal;
op.Collection_Date__c = Date.valueOf(System.now());
op.Collection__c = true;

// Insert only if the user may create every field being set
if (Schema.sObjectType.OrderPayment__c.fields.Payment_Amount__c.isCreateable()
        && Schema.sObjectType.OrderPayment__c.fields.Collection_Date__c.isCreateable()
        && Schema.sObjectType.OrderPayment__c.fields.Collection__c.isCreateable()) {
    insert op;
}

In case of update:

// Update only if the user may update every field being set
if (Schema.sObjectType.OrderPayment__c.fields.Payment_Amount__c.isUpdateable()
        && Schema.sObjectType.OrderPayment__c.fields.Collection_Date__c.isUpdateable()
        && Schema.sObjectType.OrderPayment__c.fields.Collection__c.isUpdateable()) {
    update op;
}
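One way to avoid repeating the per-field checks above, as an added example that is not part of the original post: a helper that checks object-level and field-level access for every field populated on the record before the DML runs. FlsGuard and its method names are hypothetical, and the record passed in is assumed to carry only the fields being written.

```apex
// Hypothetical helper, added for illustration only.
public with sharing class FlsGuard {
    public class FlsException extends Exception {}

    // Throws unless the running user has create (or update) access to the
    // object and to every field that is populated on the record.
    public static void check(SObject record, Boolean isInsert) {
        Schema.DescribeSObjectResult obj = record.getSObjectType().getDescribe();
        if (isInsert ? !obj.isCreateable() : !obj.isUpdateable()) {
            throw new FlsException('No object access: ' + obj.getName());
        }
        Map<String, Schema.SObjectField> fieldMap = obj.fields.getMap();
        for (String fieldName : record.getPopulatedFieldsAsMap().keySet()) {
            Schema.SObjectField token = fieldMap.get(fieldName);
            if (token == null || fieldName.equalsIgnoreCase('Id')) {
                continue; // relationship entry or the record Id, not a writable field
            }
            Schema.DescribeFieldResult f = token.getDescribe();
            if (isInsert ? !f.isCreateable() : !f.isUpdateable()) {
                throw new FlsException(
                    'No field access: ' + obj.getName() + '.' + f.getName());
            }
        }
    }

    // Checked DML wrappers: the DML runs only if check() did not throw.
    public static void secureInsert(SObject record) {
        check(record, true);
        insert record;
    }

    public static void secureUpdate(SObject record) {
        check(record, false);
        update record;
    }
}

// Usage with the record from the example above:
//   FlsGuard.secureInsert(op);
```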

 

 

 

  6. Test_Methods_With_No_Assert:

Proper assert statements are advised, at least 10 to 20 in a single test class.

 

 

 

  7. Stored XSS (Cross-Site Scripting) Issue

About: Cross-site scripting is a vulnerability that occurs when an attacker can insert unauthorized JavaScript, VBScript, HTML, or other active content into a web page viewed by other users.

This issue is raised when controller variables are used in JavaScript / jQuery.

Example:

public class mycontroller {
    public String myval { get; set; }
    public mycontroller() {
        myval = 'Hello Page Loaded';
    }
}

// On page

<script>
    // myval is merged into the script without encoding
    var scriptvar = '{!myval}';
    alert(scriptvar);
</script>

POSSIBLE SOLUTION:

var scriptvar = '{!JSENCODE(myval)}';

Happy Secure Coding :)

10 Days of 10 Dollar Ebooks

As you all know, I have authored two books on Salesforce.com (one to be released in September 2014), published by Packt Publishing. You can get my book (or any other of your choice) for only $10. Yes, it's true!

To know more about this offer, go to this link: http://bit.ly/1sWO4Qv

 

 

Why Salesforce1 week matters for Students in India?

Salesforce1 week is a series of events that is going to take place around the world from 27 April to 3 May. In this week, students and developers in India will get a chance to be introduced to the new platform "Salesforce1" by Salesforce.com, which was announced last year at Dreamforce'13. In India, students hardly get a chance to learn mobile platform development, as it needs a high investment of time and money along with regular studies.

If you are a student or a fresh developer who is hungry to learn mobile development, Salesforce1 week is for you. Salesforce1 enables you to build mobile apps faster by using JavaScript, HTML5 and CSS knowledge, without worrying about the front end at all! Yes, mobile development without knowledge of Objective-C or the Android SDK. Just log in and start developing on the all-new cloud platform.

If you have some experience with Apex or Visualforce, or tried them as an experiment in college to build an app, that will add to this, as the Salesforce1 platform is backed by the Force.com platform.

If you want to take a hands-on look at Salesforce1, it is near you! Just register for the nearest local developer user group here:

https://developer.salesforce.com/developer-week

If you are a student in India and willing to participate, just join us in Bikaner (Rajasthan).

Salesforce1 Developer Week Comes for Students in India

Saturday, May 3, 2014, 2:00 PM

Acme Embedded Technologies
3/503 Mukta Prasad Nagar

10 Students Attending

Join us for Salesforce1 Developer Week! This is a global event where Salesforce Developer Groups across the world will be meeting to talk Salesforce1. We are proud to be part of the 1.5 Million developers in the Salesforce Developer Community and are celebrating by taking part in Salesforce1 Developer Week on 3 May 2014. Join us for a hands-on look…

Don't forget to grab a T-shirt (while supplies last). We will have new books and swag for you and plenty of resources for you to work on your very first Salesforce1 app.

See you soon !

 

 

 

Visualforce Remote Objects

Salesforce launched Visualforce Remote Objects with Spring’14 release.

Note: This feature is currently available as developer preview.

Visualforce Remote Objects are proxy objects that you can use to perform DML operations on Salesforce objects, and these do not count towards API limits.

Benefits of using Remote Objects:

1. No need to use controllers or extensions.

2. Reduces the need for @RemoteAction methods in an Apex controller or extension.

3. No test classes.

Let's go through an example.

In this example I have tried to search accounts based on their type.

1. First of all, we need to define the object we are going to use.

<apex:page>
    <apex:remoteObjects>
        <apex:remoteObjectModel name="Account" fields="Name" jsShorthand="ac">
            <apex:remoteObjectField name="Type" jsShorthand="ty"></apex:remoteObjectField>
        </apex:remoteObjectModel>
    </apex:remoteObjects>

Here, the <apex:remoteObjects> tag defines the block where we will include everything related to Remote Objects.

<apex:remoteObjectModel name="Account" fields="Name" jsShorthand="ac"> defines the object on which the DML operations will be performed. The name attribute holds the API name of the object, the fields attribute holds the fields you want to perform DML upon, and jsShorthand is the shorthand notation for the object that you can use in the JavaScript.

<apex:remoteObjectField name="Type" jsShorthand="ty"></apex:remoteObjectField> is used to refer to fields that you additionally want to use in conditions in your DML operation.

Let's move on to the JavaScript code:

<script type="text/javascript">
        function retrieveAccount(){
            clear();                     // clear any records already shown in the table
            var t = document.getElementById("srch").value;      // get the value from the input box
            var acc = new SObjectModel.Account();                 // the object on which we are going to perform operations
            // Retrieve up to 100 Account records whose Type field equals the type entered in the input box on the page, and display them as rows of the table.
            var acnt = acc.retrieve({where: {ty: {eq: t }}, limit: 100},
                       function(err, records){
                           if(err){
                               alert("Encountered Error" + err.message);
                           }
                           else{
                               records.forEach(
                                   function(record){
                                       var name = record.get("Name");
                                       var row = document.createElement("tr");
                                       var cell = document.createElement("td");
                                       // createTextNode adds the name as text, so markup in a record name is not interpreted
                                       cell.appendChild(document.createTextNode(name));
                                       row.appendChild(cell);
                                       var table = document.getElementById("accountTable");
                                       table.appendChild(row);
                                   }
                               );
                           }
                        }
            );
        }
        function clear(){   // clear the existing records on the page
            document.getElementById("accountTable").innerHTML = "";
        }
        </script>

Enter account type here: <input id="srch"></input>  <!-- Input box -->
    <button onclick="retrieveAccount()">Search</button>  <!-- button that calls the JavaScript function retrieveAccount on click -->
    <table id="accountTable" border="1" cellspacing="10"></table> <!-- table that will hold the records -->
</apex:page>

Now you can take a look at the functionality. This feature also works on Salesforce1!

Unable to Download/Upload Files using Salesforce1

Hi Friends,

Recently I was playing with the Salesforce1 platform.

I built a functionality where I can upload or download files from Salesforce.

Everything worked fine when I was emulating the app behavior in Google Chrome.

But I was not able to do the same on an Android device.

I investigated but did not get a satisfactory answer anywhere.

Has anyone faced similar issues? Does Salesforce have some restrictions with the Salesforce1 app?

Does only a limited set of Visualforce tags work for Salesforce1?

You can have a look at my post on Salesforce StackExchange over here:

http://salesforce.stackexchange.com/questions/26941/uploading-and-downloading-file-by-using-salesforce1/27253?noredirect=1#27253

Salesforce1 Development [using Google Chrome]-Part 1

At Dreamforce'13, Salesforce1 was announced: a new mobile app for the Salesforce platform that makes the platform easier to use.

Available for:

1. iOS 6+

2. Android 4.2+

We can do development with Salesforce1 right from the Google Chrome browser on our desktop.

First of all, we need to make sure that the user has rights to access Salesforce1.

To make the user able to access Salesforce1, we need to grant access to that user, which we can do via Manage Users > Users > Edit [in front of that user] > check the check box "Salesforce1 User".

The second thing to do is to allow Salesforce1 to run as the mobile browser app right from our desktop web browser. To do this, go to Mobile Administration > Salesforce1.

Then check the check box "Enable the Salesforce1 mobile browser app".

By doing so we can access the mobile app right from our desktop [by using Google Chrome only].

To do that, simply append /one/one.app after your Salesforce instance in the address bar of the Google Chrome browser.

For example my instance is https://ap1.salesforce.com

So the URL to access the salesforce platform becomes like this :

https://ap1.salesforce.com/one/one.app

When we go to this URL we get the following screen with a cool Salesforce logo.

The home page is like this:

Now, if we need to test this app according to the end user's device and configuration, we can do it by pressing F12 or right-clicking and choosing Inspect Element.

Now we can see the Inspect Element section [Developer Tools].

Now click on the Elements tab and then the gear icon [as highlighted in the above image by red squares].

The settings will open up, where we need to select Overrides. Here we can change the user agent and simulate the behavior of this app on the respective device.
