Anyone logged in to API can see the javascript code, your username and password - how to avoid this in Salesforce? - Forcetalks

Tagged: AJAX Toolkit, Apex API, Global Variable, Javascript Code, Login, Password, Salesforce Security, Salesforce Visualforce Page, Session Variable, Username

Salesforce® Discussions

Anyone logged in to API can see the javascript code, your username and password – how to avoid this in Salesforce?

Posted by Aman on September 22, 2018 at 6:41 PM

In Ajax toolkit for custom Javascript button, you have to explicitly login to API because global Session variable is not available. In that case it is security vulnerable because anybody logged in can see the javascript code and your username and password. So is there any way to avoid this?

Parul replied 7 years, 7 months ago 3 Members · 2 Replies
2 Replies

shariq

Member
September 22, 2018 at 6:42 PM

We can create a visualforce page with output type as JavaScript. Global session variable is available in VF page. Initialize the global javascript variable in that VF page. include VF page as a javascript file and we are done!
[adinserter block='9']
Parul

Member
September 23, 2018 at 5:45 AM

Global session variable is available in VF page so when we create a visualforce page with output type as JavaScript first initialize the global javascript variable in that VF page and then include VF page as a javascript file I think then it avoided.

Log In to reply.