ExamGecko
Search Search Login
Home Home / Salesforce / Certified B2B Commerce Developer
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What should a developer's implementation code return if the External Prices are the same as Sales Prices for Products in the Cart?
How do the REST APIs in Salesforce B2B Commerce support pass-through parameter handling
A developer has made a component with a lightning combobox in the follow! markup. To handle changes on the combobox, what should replace <CHANGE FVENT>?
Which three attributes are true regarding Subscriber pages? (3 answers)
A configuration value, CO.NewOrder, is set to TRUE. What is one way of preventing anexisting payment page from being shown on the checkout payment page?
What is likely to happen if a developer leaves debug mode turned on in an environment?
What is one requirement to keep in mind when including additional JavaScript 1h files in a Lightning Web Component?
Based on error emails flowing in, a developer suspects that recent edits made to a checkout flow have created a defect. The developer has data points available to use as inputs in reproducing the scenario. What should the developer do next?
A query containing a subquery is executed. What is appended to the subquery name as part of its transformation by default in Salesforce B2B Commerce?
Which three file extensions are allowed in a Lightning Web Component folder?

Question 21 - Certified B2B Commerce Developer discussion

Report
Export

Although Salesforce B2B Commerce and Salesforce recommend against using

'without sharing classes' whenever possible, sometimes it is unavoidable. Which three items will open up a major security hole? (3 answers)

A.
Executing dynamic SOQL inside a without sharing class with a bind variable fromPageReference.getParameters().
Answers
A.
Executing dynamic SOQL inside a without sharing class with a bind variable fromPageReference.getParameters().
B.
Executing dynamic SOQL inside a without sharing class with a bind variable from theUserInfo class.
Answers
B.
Executing dynamic SOQL inside a without sharing class with a bind variable from theUserInfo class.
C.
Executing dynamic SOQL inside a without sharing class with a bind variable fromPageReference.getCookies().
Answers
C.
Executing dynamic SOQL inside a without sharing class with a bind variable fromPageReference.getCookies().
D.
Executing dynamic SOQL inside a without sharing class with a bind variable fromcc_RemoteActionContentex class.
Answers
D.
Executing dynamic SOQL inside a without sharing class with a bind variable fromcc_RemoteActionContentex class.
E.
Executing dynamic SOQL inside a without sharing class with a bind variable fromccAPI.CURRENT_VERSION.
Answers
E.
Executing dynamic SOQL inside a without sharing class with a bind variable fromccAPI.CURRENT_VERSION.
Suggested answer: A, C, D

Explanation:

Executing dynamic SOQL inside a without sharing class with a bind variable from PageReference.getParameters(), PageReference.getCookies(), or cc_RemoteActionContext class will open up a major security hole because these sources of input are not sanitized and can be manipulated by malicious users to inject SOQL queries that bypass the sharing rules and access data that they are not supposed to see. For example, a user can modify the URL parameters or cookies to include a SOQL query that returns sensitive data from the database. To prevent this, it is recommended to use static SOQL or escape the bind variables before executing dynamic SOQL.

Show Answer
asked 23/09/2024
Steve Parnell
30 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms