Currently we have a requirement to generate a "Secret" on a Contact record. Technically this secret only needs to be generated for specific contacts, I'm curious if this can be accomplished with clicks and not code.
For example, could I have a checkbox on the Contact that once selected on INSERT/UPDATE generates the Contact.Secret__c using Process Builder and Flows?
If APEX is necessary, how can I minimize its overall footprint on the solution?
Best Answer
What you're looking for seems to me to be a kind of tokenization, rather like but not quite a nonce.
Anyway, the basic purpose of this value is keep someone from mounting an attack against your database by guessing a Contact Id or walking the '003' keyspace from a known Contact Id in a URL parameter. I know of a couple of ways to do this sort of thing.
Single Encrypted Token
Instead of providing the Contact Id in the URL at all, provide an encrypted token (encrypted in Apex using a key you store in Salesforce) whose plaintext content is the Contact Id plus some salt value to guard against dictionary attacks.
Pros: more secure, does not expose Contact Id externally at all, only one URL parameter.
Cons: doesn't inherently guard against replay attacks, more code, requires key management on your part.
Id + Nonce-ish Value
This is closer to your proposed design. You'd supply the Contact Id in the URL, but you'd also provide some form of validation token to confirm that the URL was generated in Salesforce for that Contact Id rather than constructed by some attacker.
There are multiple ways to design the validation token.
Auto Number
One approach could be as simple as an Auto Number field on the Contact with some non-obvious start value. While the Auto Number sequence and the Contact Id sequence would be correlated, that this isn't obvious to the attacker could be sufficient for your purposes.
Pro: all declarative
Con: poor security, keyspace can still be walked (just less obvious)
Formula Generated from Contact Data
You could write a formula that manipulates data inherent to the Contact record to generate a non-cryptographically-random, but highly non-obvious, token value. For example, you could use a formula field to derive a numeric value from elements of the Contact's Created Date plus or minus a constant.
Pro: all declarative
Con: an apparently, but not actually, random number function
Cryptographically Secure Random Token / One-Way Hash Function
Populate a token value onto a field in the object, or generate it at the time of building the URL using a hash function.
You can use the
Math.random()function to generate random real numbers between 0.0 and 1.0, which you could use to select random alphanumeric characters from a string to build up an identification token, or use theCrypto.getRandomInteger()/Crypto.getRandomLong()functions to just get a random numeric value. In a tinybefore inserttrigger, you can populate this random token onto the Contact.Pro: low code, validate with a query against the Contact, can alter token to invalidate existing URLs
Con: have to manage permissions for the token field
Alternately, you can generate a one-way hash of the Contact Id concatenated with some secret constant and/or a salt value using
at the time of generating the URL. Your validation code can then compute the same hash and compare against the incoming token.
Pro: durable identifier, can be validated off-platform, does not require field storage, does not require trigger, if salt is stored in Custom Setting can allow revocation
Con: Conceptually more complex, all-code