Best of TrailblazerDX 2022: Secure Apex Code
Best of TrailblazerDX 2022: Secure Apex Code
TrailblazerDX (formerly known as TrailheaDX) is a Salesforce event aimed at Salesforce Developers, Architects, Admins and anyone else dealing with the platform. Naturally, we at CaseNine keep a close eye on developments. In a number of articles, we recount the most important developments that were covered during TrailblazerDX. During TrailblazerDX, among other things, attention was paid to Apex. Theodoor van Donge, Lead Software Engineer at CaseNine, talks about secure Apex code.
During TrailblazerDX, one of the topics discussed was Apex. For those not yet aware of this, Apex as a language allows developers to build the back-end on the Salesforce platform and work efficiently with user data within the platform.
Best practices for Apex
How do you build safe projects with Apex? There are three concerns that stand out. Theodoor van Donge listed them.
#1 Always the right share settings
Getting started with Apex? Make it a good habit to always write your classes 'with sharing'. That way, sharing settings are always applied when retrieving data from the database. A good example of this is SOQL query. This functionality has been available for some time now, so there's nothing stopping you from getting started with it within your projects.
#2 Secure queries
Another, important point of interest: are you getting started writing SOQL queries? Make sure you use the new syntax "WITH USER_MODE." You can further secure the query with this. When you use the syntax, it checks for CRUD and FLS (Field Level Security). The result: the query is now executed with user permissions instead of system permissions. Security first. This functionality is currently available as a beta and will be finally released with the Winter 23 Release.
#3 Secure DML queries
You can now also make DML statements significantly more secure, including insert and updates. To do this, you use "as user" in the DML statements. For example, use "insert as user new Order()". The order is then created only if the CRUD and FLS rules are met. Again, this functionality is currently available as a beta and will be released in final form with the Winter 23 Release.
Want to read more about secure Apex code? Then check out the presentation given at TrailblazerDX.
Want to learn more about the real-world benefits of a CPQ solution? Read more background information here or contact us directly for a discussion.
Interested in what we can do for you?
Contact our experts directly. We'd love to hear from you!
Curious for more? Subscribe to the Technical Deep Dive series today.
Receive notification when a new blog arrives
We would love to keep you updated on the latest news.