Security Enhancements Spring ’14
Since the advent of Cloud Computing, security has long been a hot topic and that’s unlikely to change any time soon. The Salesforce Spring ’14 includes a number of new security features to further protect customer data and systems. The complete list of features can be found here and we’ve summarised some of the key items below:
Configure File Upload & Download Security Settings
Administrators can now set download behavior for each type of file, depending on the file extension (MIME types). The options available for handling are as follows:
- Download (recommended)—The file, regardless of file type, is always downloaded.
- Execute in Browser—The file is displayed and executed automatically when accessed in a browser or through an HTTP request.
- Hybrid—Attachments and document records execute in the browser. Salesforce CRM Content files and Chatter files are downloaded.
Reset Password Link Expires after 24 Hours
The reset password email link now expires after 24 hours or immediately after use, which was previously set to 72 hours. This means it’s even more important to remember to reset your password as soon as you’ve requested to do so rather than waiting for some time!
Many options now enabled by default
The following security options/features are now enabled by default:
- Require secure connections (HTTPS) Enabled By Default
- SMS-based Identity Confirmation Enabled By Default
- Clickjack Protection Enabled By Default
- CSRF Protection Enabled By Default