Best of TrailblazerDX 2022: Secure Apex Code


TrailblazerDX (formerly known as TrailheaDX) is a Salesforce event aimed at Salesforce Developers, Architects, Admins and anyone else dealing with the platform. Naturally, we at CaseNine keep a close eye on developments. In a number of articles, we recount the most important developments that were covered during TrailblazerDX. Theodoor van Donge, Lead Software Engineer at CaseNine, talks about secure Apex code.

One of the topics discussed during TrailblazerDX was Apex. For those not yet familiar with it: Apex is the language developers use to build the back-end on the Salesforce platform and to work efficiently with user data within the platform.

Best practices for Apex

How do you build safe projects with Apex? There are three concerns that stand out. Theodoor van Donge listed them.

#1 Always the right share settings

Getting started with Apex? Make it a good habit to always declare your classes 'with sharing'. That way, sharing settings are always applied when data is retrieved from the database, for example by a SOQL query. This functionality has been available for some time now, so there's nothing stopping you from using it in your projects.

#2 Secure queries

Another important point of interest: are you getting started writing SOQL queries? Make sure you use the new "WITH USER_MODE" syntax, which further secures the query. With this clause, the query checks CRUD and FLS (Field Level Security). The result: the query is executed with user permissions instead of system permissions. Security first. This functionality is currently available as a beta and will be released in final form with the Winter 23 Release.

#3 Secure DML queries

You can now also make DML statements significantly more secure, including inserts and updates. To do this, you use "as user" in the DML statement. For example, use "insert as user new Order()". The order is then created only if the CRUD and FLS rules are met. Again, this functionality is currently available as a beta and will be released in final form with the Winter 23 Release.
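The three practices above combined in one service class, shown next to the system-mode form they replace. This is an added example, not code from the presentation: the class names, method names and `AccessDeniedException` are hypothetical, and `'Draft'` is assumed to be an active Order status in the org.

```apex
// Added example. Each top-level class would live in its own class file.

// Weak form: sharing rules bypassed, and all data access runs in system mode.
public without sharing class OrderServiceUnsafe {
    public static List<Account> findAccounts(String namePrefix) {
        String namePattern = namePrefix + '%';
        // Returns records and fields the running user may not be allowed to see.
        return [SELECT Id, Name, Phone FROM Account
                WHERE Name LIKE :namePattern LIMIT 50];
    }
    public static Id createOrder(Id accountId) {
        Order o = new Order(AccountId = accountId,
                            EffectiveDate = Date.today(), Status = 'Draft');
        insert o; // no CRUD or FLS check against the running user
        return o.Id;
    }
}

// Hardened form: #1 'with sharing', #2 WITH USER_MODE, #3 'insert as user'.
public with sharing class OrderService {
    public class AccessDeniedException extends Exception {}

    public static List<Account> findAccounts(String namePrefix) {
        // Bind variable: user input is never concatenated into the query text.
        String namePattern = namePrefix + '%';
        try {
            return [SELECT Id, Name, Phone FROM Account
                    WHERE Name LIKE :namePattern
                    WITH USER_MODE
                    LIMIT 50];
        } catch (QueryException e) {
            // Raised when the user lacks object or field access. Rethrow a
            // generic error so callers do not learn which field was blocked.
            throw new AccessDeniedException('Account data is not available.', e);
        }
    }

    public static Id createOrder(Id accountId) {
        Order o = new Order(AccountId = accountId,
                            EffectiveDate = Date.today(), Status = 'Draft');
        // Fails with an exception instead of writing the record when the
        // running user's CRUD or FLS permissions do not allow it.
        insert as user o;
        return o.Id;
    }
}
```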

Want to read more about secure Apex code? Then check out the presentation given at TrailblazerDX.

Theodoor van Donge

Tech Lead

Theodoor van Donge works at CaseNine as a Tech Lead. In this capacity he is responsible for several customer projects. Theodoor not only handles the actual development and implementation, but also advises customers in the areas of process and strategy.
