Which three items will open up a major security hole?

B2B Commerce Developer V2 0 Comments

Although Salesforce B2B Commerce and Salesforce recommend against using "without sharing classes" whenever possible, sometimes it is unavoidable.

Which three items will open up a major security hole? (3 answers)
A . Executing dynamic SOQL inside a without sharing class with a bind variable fromPageReference.getParameters().
B . Executing dynamic SOQL inside a without sharing class with a bind variable from theUserInfo class.
C . Executing dynamic SOQL inside a without sharing class with a bind variable fromPageReference.getCookies().
D . Executing dynamic SOQL inside a without sharing class with a bind variable fromcc_RemoteActionContentex class.
E . Executing dynamic SOQL inside a without sharing class with a bind variable fromccAPI.CURRENT_VERSION.

Answer: A,C,D

Explanation:

Executing dynamic SOQL inside a without sharing class with a bind variable from PageReference.getParameters(), PageReference.getCookies(), or cc_RemoteActionContext class will open up a major security hole because these sources of input are not sanitized and can be manipulated by malicious users to inject SOQL queries that bypass the sharing rules and access data that they are not supposed to see. For example, a user can modify the URL parameters or cookies to include a SOQL query that returns sensitive data from the database. To prevent this, it is recommended to use static SOQL or escape the bind variables before executing dynamic SOQL.

Latest B2B Commerce Developer Dumps Valid Version with 79 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download B2B Commerce Developer PDF     B2B Commerce Developer Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments