Clickjack Protection

Clickjacking is a type of attack that tries to trick a user into clicking something, maybe a button or link, because they perceive they are clicking something safe. Instead, the button or link performs malicious actions on your site leading to data intrusion, unauthorized emails, changed credentials, or other site-specific actions. Hidden iframes that load your site's pages can be placed maliciously by an unrelated page that entices the user to click a button or link that appears below the hidden iframe. With clickjack protection, you can configure whether your browser allows frames or iframes over your site pages. The default clickjack level for Site.com is set to Allow framing by the same origin only.

You can set the clickjack protection for a site to one of these levels:

Allow framing by any page (no protection)
Allow framing by the same origin only (recommended)
Don’t allow framing by any page (most protection)

Note: Same-origin framing allows the site’s page to be framed only by pages on the same domain name and protocol security.

On the Overview tab, click Site Configuration.
Click Edit.
Select the desired level of clickjack protection.

Comments

Mashup Integration in Salesforce

During preparation for TA certification exam, I came across a word Mashup for integration a number of times. I explored about it and below is description:- Mashups, sometimes called “composites,” are hybrid applications created by bringing together several data sources and Web services to create a new application or to add value to an existing application. Behind the scenes, mashups may require different levels of integration, depending on whether the mashed-up data is only meant to be viewed, whether it can be edited, and whether data is actually transferred between systems. There are three types of mashup:- Client Presentation Mashup - In this type of mashup the integration takes place strictly at the visual level. It makes possible to view data from two or more applications in a browser, without actually moving data between the applications. Example - Google Maps. Client Service Mashup - As mashups evolve, they are becoming more complex and sophisticated. Client ser

Grant Access Using Hierarchies

Problem There is a custom object say 'XYZ' and OWD for this is set to ' Private ', which means record of this can be seen by only owner and users above in role-hierarchy and territory. However, to share this with other user, we can manually share it. The problem is that I don't want other users, who are above in role-hierarchy and territory of the user with whom record has shared, can see it. Solution We can un-check ' Grant Access Using Hierarchies ' check box for object 'XYZ' on 'Sharing Settings' page. We can go to Setup >> Security Controls >> Sharing Settings and click on ' Edit ' button. On the edit page, we can un-check ' Grant Access Using Hierarchies ' for required object. Major uses of 'Grant Access Using Hierarchies' are:- If you disable the Grant Access Using Hierarchies option, sharing with a role or territory and subordinates only shares with the users directly asso

ReadOnly Annotation

Use Case:- You want to show up to 10000 record on single VF page. Count of records based upon some business requirement where number of records could go up to 1 million. So far, it was not possible to achieve above in VF page because of following limitations:- The maximum number of items in a collection that can be iterated over using components such as <apex:dataTable> , <apex:dataList> , and <apex:repeat> is 1000. Normally, queries for a single Visualforce page request may not retrieve more than 50,000 rows. Solution:- But with API version 23.0 , salesforce has introduced ' ReadOnly ' annotation which has following functionality/restriction:- The @ReadOnly annotation allows you to perform unrestricted queries against the Force.comdatabase. All other limits still apply. It's important to note that this annotation, while removing the limit of the number of returned rows for a request, blocks you from performing the following operations

SFDC Know How

Search This Blog