Cross-Site Request Forgery (CSRF) Protection
by Paul Goodey
Salesforce CRM – The Definitive Admin Handbook - Third Edition
- Salesforce CRM – The Definitive Admin Handbook Third Edition
- Table of Contents
- Salesforce CRM – The Definitive Admin Handbook Third Edition
- Credits
- About the Author
- Acknowledgments
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Organization Administration
- The Salesforce setup menu
- User login and authorization
- Establishing your company profile within Salesforce
- User interface and supported browsers
- User interface
- Supported browsers
- User interface settings
- The Enable Collapsible Sections option
- The Show Quick Create option
- The Enable Hover Details option
- The Enable Related List Hover Links option
- The Enable Separate Loading of Related Lists option
- The Enable Inline Editing option
- The Enable Enhanced Lists option
- The Enable New User Interface Theme option
- The Enable Tab Bar Organizer option
- The Enable Printable List Views option
- The Enable Spell Checker option
- The Enable Customization of Chatter User Profile Pages option
- The Enable Salesforce Notification Banner option
- Sidebar
- Calendar settings
- Setup settings
- The Enable Enhanced Page Layout Editor option
- The Enable Enhanced Profile List Views option
- The Enable Enhanced Profile User Interface option
- The Enable Streaming API option
- The Enable Custom Object Truncate option
- The Enable Improved Setup User Interface option
- The Enable Advanced Setup Search option
- Search overview
- Sidebar search
- Advanced search
- Global search
- Search settings
- The Enable "Limit to Items I Own" Search Checkbox option
- The Enable Document Content Search option
- The Enable Search Optimization if your Content is Mostly in Japanese, Chinese, or Korean option
- The Use Recently Viewed User Records for Blank and Auto-Complete Lookups option
- The Enable Drop-Down List for Sidebar Search option
- The Enable English-Only Spell Correction for Knowledge Search option
- The Enable Sidebar Search Autocomplete option
- The Enable Single-Search-Result Shortcut option
- The Number of Search Results Displayed Per Object option
- Lookup settings
- Enhanced lookups
- Lookup autocompletion
- Summary
- 2. User Management in Salesforce CRM
- An introduction to record ownership, profiles, and sharing
- Managing users in Salesforce CRM
- Viewing and editing user information
- Freezing user accounts
- Password management
- Password policies
- Forgot Password / Locked Account Assistance
- API Only User Settings
- Session management
- Session timeout
- Session settings
- Login page caching and autocomplete
- Identity confirmation
- Clickjack protection
- Cross-Site Request Forgery (CSRF) Protection
- Session Security Levels
- A how-to guide to help users grant login access to you
- Summary
- 3. Configuration in Salesforce CRM
- The relationship between a profile and the features that it controls
- Objects
- Fields
- Object relationships
- Apps
- Tabs
- Renaming labels for standard tabs, standard objects, and standard fields
- Creating custom objects
- Object Limits
- Creating custom object relationships
- Creating custom fields
- Dependent picklists
- Building relationship fields
- Lookup relationship options
- Master-detail relationship options
- Lookup filters
- Building formulas
- Basic formula
- Advanced formula
- Building formulas – best practices
- Building formula text and compiled character size limits
- Custom field governance
- Page layouts
- Record types
- Related lists
- List views
- Summary
- 4. Data Management
- The data access security model
- Organization-Wide Defaults (OWDs) for sharing
- OWD access level actions
- Public Full Access (Campaigns only)
- Public Read/Write/Transfer (Cases or Leads only)
- Public Read/Write
- Public Read Only
- Private
- No Access, View Only, or Use (Price Book only)
- Granting access using hierarchies
- Controlled by Parent
- External Organization-Wide Defaults (OWDs) for sharing
- Effects of modifying the default access type
- Granting users additional access
- Permission sets
- Role hierarchy
- Organization-Wide Defaults and sharing rules
- Sharing rules
- Account sharing rules
- Account territory sharing rules
- Campaign sharing rules
- Case sharing rules
- Contact sharing rules
- Lead sharing rules
- Opportunity sharing rules
- User sharing rules
- Custom object sharing rules
- Groups
- Effects of adding or modifying sharing rules
- Criteria-based sharing rules
- Manual sharing rules
- Manual sharing for user records
- Queues
- Sharing access diagram
- Data validation
- An overview of data import and export utilities
- Data Loader
- Best practices for mass data updating
- Weekly export
- Field sets
- Folders
- Recycle Bin
- Data storage utilization
- Summary
- 5. Data Analytics with Reports and Dashboards
- Reports
- The Report and Dashboard Folders section
- Creating New Report and Dashboard Folders
- Keep Favorite Report Folders In View
- Enhanced sharing for reports and dashboards
- Creating reports
- Standard report types
- Hiding standard report types
- Custom report types
- Running reports
- Printing and exporting reports
- Report considerations
- Report formats
- Groupings
- Custom summary formulas
- Bucket fields
- Changing the report format
- Dashboards
- Summary
- Reports
- 6. Implementing Business Processes in Salesforce CRM
- Workflow rules and the approval processes
- Workflow and approval actions
- Configuring e-mail alerts for workflow rules and approval processes
- Configuring tasks for workflow rules and approval processes
- Configuring field updates for workflow rules and approval processes
- Configuring outbound message notifications for workflow rules and approval processes
- Configuring workflow rules
- Approval process
- Configuring approval processes
- Visual Workflow
- Summary
- Workflow rules and the approval processes
- 7. Salesforce CRM Functions
- A functional overview of Salesforce CRM
- Marketing administration
- Campaign management
- Lead management
- Standard lead fields
- Lead business process
- Creating leads in Salesforce CRM
- Creating lead records within the application
- Manually creating leads with Web-to-Lead
- Manual importing of multiple leads
- Lead queue
- Creating and adding users to a lead queue
- Lead assignment rules
- Lead conversion
- 8. Extending Salesforce CRM
- Enterprise mash-ups in web applications
- Mash-ups in Salesforce CRM
- Server-side mash-ups
- Introduction to Visualforce
- Summary
- 9. Best Practices for Enhancing Productivity
- 10. Mobile Administration
- Accessing Salesforce Mobile products
- Salesforce mobile products' overview
- SalesforceA
- Salesforce Touch
- Salesforce1
- Salesforce1 supported devices
- Salesforce1 data availability
- Salesforce1 administration
- Salesforce1 mobile browser app access
- Salesforce1 desktop browser access
- Salesforce1 downloadable app access
- Salesforce1 notifications
- Salesforce1 branding
- Salesforce1 compact layouts
- Salesforce1 offline access
- Setting up Salesforce1 with the Salesforce1 Wizard
- Differences between Salesforce1 and the full Salesforce CRM browser app
- Salesforce Classic
- Summary
- Index
Cross-Site Request Forgery (CSRF) is a malicious technique in which unauthorized commands are crafted (by a script or a page link, for example) to be sent by a user to a website that has been authenticated.
These options protect against CSRF attacks by modifying the non-setup pages to include a random string of characters in the URL parameters or as a hidden embedded field. The system then verifies this string of characters and only executes the command if the value matches the expected value. There are various features that can be used to set protection against CSRF attacks as per the upcoming sections.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.