# Friday, 06 November 2009

Because the format of Salesforce record identifiers are deterministic, there's always a concern when using them in Site URLs that someone will 'guess' record IDs and gain access to records.

If the data you're publishing is public anyway, like Solutions, Events, or Press Releases, then maybe it's no big deal. But when Sites are being used as landing pages for sensitive data, like Opportunities or Partner Accounts, then some more effort is required to protect the records.

Since most records correlate with an Account or Contact, in a portal context it's simple enough to check the record relationship. Otherwise, URL encryption is really the only option for anonymous visitors.

A couple blog entries here and here discuss the use of MD5 hash for creating encrypted URLs.

These solutions use custom fields and triggers to correlate a web page request with an originating request record.

With the recent release of custom settings in Winter 10, there's now the option of storing private keys and using PKI encryption to sign record identifiers and decrypt them.

Unfortunately, the Crypto class documentation is a bit 'cryptic' (pun intended) on how to implement full PKI encryption, since it only demonstrates how to sign strings, and not decrypt them. Hopefully, someone can enlighten me on how this might work. I have a C# RC4 encryption engine that I'm considering converting to Apex, but I obviously prefer to use the native Crypto class, if possible.

(Sample code from Apex Developers Guide)
  1. String algorithmName = 'RSA';
  2. String key = 'pkcs8 format private key';
  3. Blob privateKey = EncodingUtil.base64Decode(key);
  4. Blob input = Blob.valueOf('12345qwerty');
  5. Crypto.sign(algorithmName, input, privateKey);
Monday, 14 December 2009 15:11:28 (Pacific Standard Time, UTC-08:00)
Note: Dave Carrol confirmed at Dreamforce that the current crypto implementation is primarily for just signing keys for interchange with other web services, such as the Google Docs API.

Didn't sound like any immediate plans to extend the library to support something like RSA decoding.
Mike Leach
Comments are closed.