DreamFactory Customer Privacy and Security Whitepaper Delivering Secure Applications on Salesforce.com

Similar documents
DREAMFACTORY SOFTWARE INC. Snapshot User Guide. Product Usage and Best Practices Guide. By Sathyamoorthy Sridhar June 25, 2012

DreamFactory Security Guide

W H IT E P A P E R. Salesforce Security for the IT Executive

The security of Mozilla Firefox s Extensions. Kristjan Krips

Snapshot Best Practices: Continuous Integration

WHITE PAPER. Good Mobile Intranet Technical Overview

Client 2. Authentication 5

HOMELESS INDIVIDUALS AND FAMILIES INFORMATION SYSTEM HIFIS 4.0 TECHNICAL ARCHITECTURE AND DEPLOYMENT REFERENCE

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

AppSpider Enterprise. Getting Started Guide

Salesforce1 Mobile Security White Paper. Revised: April 2014

Tableau Server - 101

School Installation Guide ELLIS Academic 5.2.6

RKN 2015 Application Layer Short Summary

Introduction Secure Message Center (Webmail, Mobile & Visually Impaired) Webmail... 2 Mobile & Tablet... 4 Visually Impaired...

TRAINING & CERTIFICATION. Salesforce.com Certified Force.com Developer Study Guide

TRAINING GUIDE. Tablet: Cradle to Mobile Configuration and Setup

Secure Frame Communication in Browsers Review

WebSphere Puts Business In Motion. Put People In Motion With Mobile Apps

Hacker Attacks on the Horizon: Web 2.0 Attack Vectors

Sentinet for Microsoft Azure SENTINET

Google Identity Services for work

Equitrac Integrated for Konica Minolta. Setup Guide Equitrac Corporation

WHY CSRF WORKS. Implicit authentication by Web browsers

HOL122 Lab 1: Configuring Microsoft Windows Server 2003 RPC Proxy

SALESFORCE CERTIFIED B2C COMMERCE DEVELOPER

Technical Overview. Access control lists define the users, groups, and roles that can access content as well as the operations that can be performed.

Password Reset Server Installation

TIBCO LiveView Web Getting Started Guide

Web 2.0 and Security

Solutions Business Manager Web Application Security Assessment

Security and Privacy

How to Stay Safe on Public Wi-Fi Networks

Convert Your JavaScript Buttons for Lightning Experience

Clearspan Hosted Thin Call Center R Release Notes JANUARY 2019 RELEASE NOTES

Configuring the CSS for Device Management

SPANNING BACKUP. for Salesforce. Installation Guide

Equitrac Integrated for Konica Minolta

Tenable.io User Guide. Last Revised: November 03, 2017

Salesforce.com Winter 18 Release

Sync to a Secondary Salesforce Organization

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

Deltek Touch Expense for Ajera. Touch 1.0 Technical Installation Guide

Xton Access Manager GETTING STARTED GUIDE

VMware AirWatch Integration with F5 Guide Enabling secure connections between mobile applications and your backend resources

CSCE 120: Learning To Code

WEB SECURITY: XSS & CSRF

VSP18 Venafi Security Professional

maxecurity Product Suite

Table of Contents. Section 1: DocSTAR WebView v1.0 Requirements & Installation CD... 1 Section 2: DocSTAR WebView v1.

RSA SecurID Implementation

Centrify for Dropbox Deployment Guide

Some Facts Web 2.0/Ajax Security

Security overview Setup and configuration Securing GIS Web services. Securing Web applications. Web ADF applications

Checklist for Testing of Web Application

Configuration of Windows 2000 operational consoles and accounts for the CERN accelerator control rooms

Oracle Hospitality Cruise AffairWhere Security Guide Release E April 2017

Getting Started with the Aloha Community Template for Salesforce Identity

USER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0

Identity Provider for SAP Single Sign-On and SAP Identity Management

Security context. Technology. Solution highlights

Salesforce App Help. Salesforce, Winter

ArcGIS Enterprise Security. Gregory Ponto & Jeff Smith

Feature Comparison Checklist

System Administrator s Guide Login. Updated: May 2018 Version: 2.4

Business Intelligence Launch Pad User Guide SAP BusinessObjects Business Intelligence Platform 4.1 Support Package 1

Cloud Security Whitepaper

VMware AirWatch Chrome OS Platform Guide Managing Chrome OS Devices with AirWatch

Are You Avoiding These Top 10 File Transfer Risks?

Click Studios. Passwordstate. Remote Session Launcher. Installation Instructions

SIS offline. Getting Started

BEAWebLogic. Portal. Overview

Using Windows 2000 with Service Pack 3 in a Managed Environment: Controlling Communication with the Internet

Technical White Paper. By Jay Tomlin NFuse Technical Support Team Citrix Systems, Inc.

Secure Web Appliance. Basic Usage Guide

CA Adapter. CA Adapter Installation Guide for Windows 8.0

Bomgar Vault Server Installation Guide

Configuring BIG-IP ASM v12.1 Application Security Manager

User Scripting April 14, 2018

Package and Distribute Your Apps

Sync Your Contacts and Events with Lightning Sync

The goal of this book is to teach you how to use Adobe Integrated

Salesforce Enterprise Edition Upgrade Guide

Visual Workflow Implementation Guide

A Technical Overview of the Lucent Managed Firewall

Colligo Briefcase. for Good Technology. Administrator Guide

(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Practice Labs User Guide

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

MTAT Research Seminar in Cryptography The Security of Mozilla Firefox s Extensions

CogniFit Technical Security Details

USER GUIDE for Salesforce

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

Chatter Answers Implementation Guide

BIG-IP Access Policy Manager : Portal Access. Version 12.1

ForeScout Extended Module for ServiceNow

Welcome to the OWASP TOP 10

SecureFactors. Copyright SecureFactors Corp ver 1.0a

Advantage Cloud Two-Factor Security Process

Transcription:

DreamFactory Customer Privacy and Security Whitepaper Delivering Secure Applications on Salesforce.com By Bill Appleton, CTO, DreamFactory Software billappleton@dreamfactory.com Introduction DreamFactory Software is the world's leading publisher of rich applications for next generation web service platforms. Our suite of business applications available on salesforce.com s AppExchange use the DreamFactory runtime client, including DreamTeam, Carousel, FormFactory, OrgView, SnapShot, DoX, and Web Meeting Mashup, as well as a host of additional applications from other partners. Our client technology does a better job of protecting your privacy and security than any other method of consuming web services. This white paper discusses the advantages of our unique architecture and explains the security and privacy polices put in place by DreamFactory Software, Inc. Server-less Architecture DreamFactory Software s runtime client and rich applications can be downloaded from our website at www.dreamfactory.com. Embedding a DreamFactory application is similar to embedding an animation or a movie file on a web page (i.e. there is a client player and a rich document that contains the content). All of our different applications take advantage of the same runtime player. The client player implements a security sandbox that protects local files, other documents, and private network assets. The player is carefully written to minimize and abstract contact with the local machine, but to also allow access to certain external web based assets or local desktop files under user control. 2007 Dreamfactory Software, Inc. www.dreamfactory.com Page 1 of 6

Once the rich application is downloaded into the secure DreamFactory player, the current salesforce.com session ID is supplied through the Custom Link or S-control as a URL parameter. The embedded client application uses the session ID to communicate directly with salesforce.com using pure XML web services. No other servers are involved. Once you download the rich application from our website, the process is complete and in turn, DreamFactory does not host any of your data. Your private data, username, password, and session ID are not transferred anywhere other than back and forth to salesforce.com. Your session ID is used for communicating directly with Salesforce while our application is running. Your private salesforce data is not transmitted, duplicated, or cached in any other server or database. All communication is conducted directly through an encrypted Secure Sockets Layer (SSL) pipeline with the salesforce.com SAS 70 certified servers that store your data. Figure 1: DreamFactory Security Architecture 2007 Dreamfactory Software, Inc. www.dreamfactory.com Page 2 of 6

The DreamFactory client operates in much the same manner as a web browser, but instead of communicating with HTML, we communicate with XML directly to the service architecture. One advantage of this is the communication speed is greatly enhanced due to the direct connection, but another key advantage is that your data travels back and forth to Salesforce directly and is not read by any other server. New versions of our embedded applications become available at the DreamFactory web site from time to time and are brought down to replace the existing version. Customers that want to embed their own private versions of these applications can do so, although they will have to manage their own application updates. The DreamFactory client can also enable direct connections to Outlook or desktop data sources if the end user requests this. A client security certificate is presented when appropriate to insure that this is what the end user intended. The DreamFactory engine is not capable of accessing these private resources without client permission. Nor is the engine capable of accessing any foreign URL with data, such as a corporate database or other network device behind the firewall. The only network assets that DreamFactory is allowed to access are public web services like salesforce.com. The security settings of the DreamFactory client can also be managed by a corporate IT department if desired. Salesforce Native Operation DreamFactory applications use salesforce.com directly, and so they are completely limited by the current account settings and visibility limitations as defined by the salesforce.com administrator. When a user logs into Salesforce and navigates to one of our rich applications, all the settings for that user are transferred through the session ID to the data accessed by that application. There is no way for a DreamFactory application to see things that the user cannot otherwise access through the salesforce.com HTML interface. All DreamFactory applications must be purposefully embedded by an administrator in the salesforce.com HTML interface with a Custom Link or S-control for deployment. DreamFactory applications sense the current user settings for read, write, create, and delete of the various objects used by our applications. For example, a user may be prompted that they do not have the ability to delete a certain object, and in other cases restricted objects simply do not show up at all for some users. Even if the user was somehow able to go forward and actually attempt to delete some protected object this would simply generate a runtime error message generated by the salesforce.com service architecture. 2007 Dreamfactory Software, Inc. www.dreamfactory.com Page 3 of 6

The Native Data Advantage DreamFactory s applications store the data that they need in your salesforce.com account using appropriately named custom objects, similar to any other custom and standard objects in the Salesforce system. There are many powerful advantages to storing this mission critical data directly in your salesforce.com account and not on someone else s server. First, you don t have to depend on a potentially unreliable third party to store your data. Second, our applications take full advantage of all the existing data and other customizations that you have added to your salesforce.com account, including custom fields, integration links and custom objects. Lastly, all of the familiar salesforce.com services and interfaces work with the custom objects that our applications use to store their data, including reporting, dashboards, editing, linking, workflow, mobile access, offline access, and all other native capabilities of the salesforce.com platform. DreamFactory Software Security Policy The DreamFactory client enables your personal computer to communicate directly with your salesforce.com account. All transactions take place directly with salesforce.com and are conducted using the SSL protocol. All transactions conform to the salesforce.com API security policy, and the policy that you have established for the users in your account. None of your private data or even your session ID is transmitted to us or to any other database. We never store your username or password. Our servers are only used for the initial download of the runtime player. The Security White Paper listed below has additional technical information about DreamFactory Runtime security. DreamFactory Software Privacy Policy The DreamFactory client enables your personal computer to communicate directly with your salesforce.com account. All of the data used by our rich applications is stored in your account. None of your personal data is sent to us or stored on some other server. Any personal data that you explicitly send to us, for example to request product information, will be used solely for tracking product downloads, building customer relationships, and providing technical support. Your personal information will never be transferred to a third party or become linked to any database external to DreamFactory Software. 2007 Dreamfactory Software, Inc. www.dreamfactory.com Page 4 of 6

Appendix: Common Security Issues What follows is a series of security issues that you should consider, and the unique approach DreamFactory takes in resolving these issues. Issue 1: Protecting Private Data Many AppExchange applications use JSP, ASP, Flex, Java, or some other server based technology to render HTML pages in the salesforce interface. In order to run the application, they must ship the current session ID back to their data center and access your account data from there. While salesforce has a secure SAS 70 certified data center to deliver their service, most other partners do not. Where is their data center? What is their security policy? Who has access to your data? Is your data cached on their server? Which records are they reading with your session ID? What other databases do they have? What other servers are they connected to? DreamFactory doesn t have a server. We aren t hosting anything. You download the rich application from our web site and then you are done with us. Your private data is never shipped anywhere, except back and forth to salesforce.com through the encrypted SSL pipeline. We use the exact same HTTPS protocol that the browser does, except we read and write XML instead of HTML. Your private data, username, password, and session ID stay in your salesforce account. We can t loose or steal your data. Our company doesn t have your data in the first place. Issue 2: Protecting Credentials When you log into salesforce.com a session ID is generated, and this ID is used by the service architecture to access your data. Shipping private data across the Internet is one thing, but server based solutions must also transfer your session ID to their data center. If your session ID is lost or stolen then any data visible to the current user can be read, updated, or even deleted. There is no way to know what account data has been accessed by a third party once they have your session ID, because these transactions take place behind their firewall. The potential for lost or stolen account data increases with every new server that has access to your session ID. DreamFactory only uses your session ID inside your personal computer to access your salesforce account. The session ID is used for communicating directly with salesforce.com, and then it is destroyed the moment you navigate away from our application. The session ID is only used to access the data you request and then see moments later on your computer screen. Neither your private data nor your session ID is used for any other purpose. Please feel free to verify all of these claims and the secure behavior of our applications with a network monitor. 2007 Dreamfactory Software, Inc. www.dreamfactory.com Page 5 of 6

Issue 3: Using JavaScript At first glance, one might think that the standard browser security model enforces the secure behavior of S-controls written in JavaScript. The JavaScript is stored in your salesforce account, and because of the originating host security model, it should only be able to access the data in your account, right? Unfortunately, this is not true. Any JavaScript with the ability to read data using a session ID is also able to log into ANOTHER salesforce account and move data between the accounts. In this situation the data would be transferred under the cover of the SSL connection, so the use of two simultaneous accounts is not easy to detect. A malicious person could use a free, anonymous Developer account as a waypoint to store stolen data while the JavaScript S-control appeared to be operating normally. DreamFactory Software s patented security model eliminates the ability for an application to steal data in this manner. The use of the salesforce transaction URL is allowed, but the use of the salesforce login URL is protected. Any application that attempted to log in to a secondary salesforce account would trigger a security alert dialog for the end user. There are some other troubling characteristics of JavaScript based systems, including Ajax, Flash, and Flex. An important vulnerability is the prototype hijacking exploit. This basically allows any running JavaScript application to gain control of the web services pipeline. Stefano Di Paola and Giorgio Fedon present a detailed discussion of this problem in their paper Subverting Ajax. A related security problem with JavaScript is the JSON Cross Domain Attack. In either case, any use of JavaScript with secure or private data should be carefully evaluated by the enterprise customer. The scripting engine in the DreamFactory client was specifically designed to prevent the prototype hijacking exploit. System routines can be sub-classed, but this does not effect the operation of other project files. The JSON cross domain attack is irrelevant because our security sandbox applies the originating host security model to all assets, including text and even graphics. In conclusion, we have designed the DreamFactory client to deliver a safe, secure, private, and rich experience to our customers. Your security and privacy are of the utmost concern to us. Please feel free to contact us directly with questions, comments, or problems. Additional Information: Security Whitepaper Enterprise Installation Guide Verisign Certificate JavaScript Security Links: Subverting Ajax JSON Cross Domain Attack Top 10 Web 2.0 Attack Vectors 2007 Dreamfactory Software, Inc. www.dreamfactory.com Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback