Sat 6 Feb 2010
Salesforce errors
Posted by Slavik under security, technical tips
[2] Comments
As part of my continued crusade to get rid of all database errors returned from the application to the user, one of our developers sent me the following error message coming from Salesforce.com:
SF Error
So, what can we learn from the error?
- SF uses Java as a backend
- SF uses Oracle as the database
- The application is programmed using stored program units – in this case package sLead with procedure update_leads
- Checks are performed at the PL/SQL level and custom exceptions are being thrown – ORA-20096
- The Java application uses bind variables to call into the PL/SQL layer – good for them!
- My guess is that the username/schema for this particular SF account is SNEEZY and it contains Oracle types with the names CUSER and SLEAD
All in all, I’d say that SF did a good, secure job in implementing the application (bind variables, etc.) but missed the “never return DB errors to the customer” part.
So, what will it take to educate developers not to display errors? Thoughts?
Slavik, asides from the musings of what this means about SF and how they go about doing things. Do you have any insight about what this error really means, why might it come about and or how to avoid it?
We started seeing this error in Lead Alert emails when using the Web-to-Lead functionality. It doesnt happen everytime and I have yet to see a pattern in the data to cause this error.
@Jesse
Sorry, Jesse, I have no idea what it actually means. One of our developers stumbled on the error. As far as I know, it is happening when you have owner assignment rules.
I do know that SF are interested in the finding and are investigating it. If you can post more details about your exact situation, their security team will pick it up and probably contact you to further investigate.