Available in: Developer, Enterprise, Performance, and Unlimited Editions
Consider the following security issues when setting up your Force.com site:
If the Require Secure Connections (HTTPS) checkbox on the Session Settings page is selected, and the Require Non-Secure Connections (HTTP) checkbox on the Login Settings page is not selected, users logging in to the associated portal from the site will see the secure.force.com domain. For example, if you registered mycompany.force.com as your custom domain, the URL changes to https://mycompany.secure.force.com upon login. For more information, see Managing Force.com Site Login and Registration Settings.
Customers using a script to log in to sites can use the optional refURL URL parameter to retain the custom domain name after login. This parameter has no effect if Require Non-Secure Connections (HTTP) has been set for the site or Require Secure Connections (HTTPS) has been set for the organization. An example URL using refURL is: http://mysite.secure.force.com/SiteLogin?refURL=http://mysite.com.
To set restrictions based on IP or login hours, HTTPS is required. You must use the secure URL associated with your Force.com domain to access your site.
To enforce HTTPS on all Force.com sites pages and allow all IP addresses to access your site, create the following IP ranges: 0.0.0.0 to 255.255.255.255, :: to ::fffe:ffff:ffff, and ::1:0:0:0 to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff. However, because this may degrade the performance of your site, don't enforce HTTPS unless it is absolutely required. Changing from HTTP to HTTPS doesn't affect logged-in users until the next time they log in.
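An added check, not part of the Salesforce documentation, that parses the three ranges above with Python's ipaddress module and reports any address space they leave uncovered (a mistyped or missing range would lock real clients out). It assumes that a gap lying inside the IPv4-mapped block ::ffff:0:0/96 is harmless because the IPv4 range already admits those clients; that reasoning is this example's, not the page's.

```python
import ipaddress

# The three ranges the page says to create so that every IPv4 and IPv6 client is allowed
# (copied from the text above; anything else passed to check_coverage is a constructed input).
PAGE_RANGES = [
    ("0.0.0.0", "255.255.255.255"),
    ("::", "::fffe:ffff:ffff"),
    ("::1:0:0:0", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
]

# ::ffff:a.b.c.d addresses stand for IPv4 clients, which the IPv4 range already covers,
# so an IPv6 gap lying entirely inside this block does not lock anyone out (assumption).
IPV4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")


def gaps(intervals, space_lo, space_hi):
    """Sub-ranges of [space_lo, space_hi] that no (lo, hi) interval covers, as int pairs."""
    out, cursor = [], space_lo
    for lo, hi in sorted(intervals):
        if lo > cursor:
            out.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= space_hi:
        out.append((cursor, space_hi))
    return out


def check_coverage(ranges):
    """Parse (start, end) pairs as typed into Setup, reject typos, report uncovered space as ints."""
    by_family = {4: [], 6: []}
    for start, end in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo.version != hi.version:
            raise ValueError(f"mixed address families: {start} to {end}")
        if lo > hi:
            raise ValueError(f"reversed range (typo?): {start} to {end}")
        by_family[lo.version].append((int(lo), int(hi)))
    v4_gaps = gaps(by_family[4], 0, 2**32 - 1)
    v6_gaps = gaps(by_family[6], 0, 2**128 - 1)
    only_mapped = all(ipaddress.IPv6Address(a) in IPV4_MAPPED and
                      ipaddress.IPv6Address(b) in IPV4_MAPPED for a, b in v6_gaps)
    return {"v4_gaps": v4_gaps, "v6_gaps": v6_gaps,
            "all_clients_allowed": not v4_gaps and only_mapped}


if __name__ == "__main__":
    report = check_coverage(PAGE_RANGES)
    for a, b in report["v6_gaps"]:
        print("IPv6 gap:", ipaddress.IPv6Address(a), "to", ipaddress.IPv6Address(b))
    print("all clients allowed:", report["all_clients_allowed"])
```

Run against the page's three ranges, the only IPv6 space left out is exactly ::ffff:0:0 to ::ffff:ffff:ffff, the IPv4-mapped block; dropping or mistyping the third range instead leaves ordinary IPv6 clients unreachable and the check reports it.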
Authenticated and non-authenticated users may see different error messages for certain conditions—for example, on Apex exceptions.
Only production organizations have the valid secure.force.com SSL certificates to access sites using HTTPS.
If a site within a sandbox (non-production) organization is accessed using HTTPS, a certificate name mismatch warning may appear.
Cache settings on static resources are set to private when accessed via a Force.com site whose guest user's profile has restrictions based on IP range or login hours. Sites with guest user profile restrictions cache static resources only within the browser. Also, if a previously unrestricted site becomes restricted, it can take up to 45 days for the static resources to expire from the Salesforce cache and any intermediate caches.
We recommend setting the sharing to private for the objects on which you grant “Read” access for your site. This ensures that users accessing your site can view and edit only the data related to your site.
We also recommend securing the visibility of all list views. Set the visibility of your list views to Visible to certain groups of users, and specify the groups to share to. List views whose visibility is set to Visible to all users may be visible to public users of your site. To share a list view with public users, create a new public group for those users and give them visibility. If the object's sharing is set to private, public users won't be able to see those records, regardless of list view visibility.