DEV Community

Salesforce Developers Podcast

092: Data Security with Alba Rivas

Alba Rivas is a Lead Developer Evangelist at Salesforce and former Salesforce MVP. While in the past, Alba has presented frequently on migrating to Lightning Web Components  (LWC) - today, she talks about data security on the platform. We chat about some best practices to prevent leaking data or creating dangerous app security vulnerabilities when coding with Apex and with LWC. She also shares some tips and tricks for handling secrets in encryption.

Alba believes any developer should think about data security right from the very beginning and that applying best practices is crucial for having a high quality application to prevent vulnerabilities and attacks, which could be a big issue for any company.

Show Highlights:


  • Moving from Visualforce to Lightning Web Components (LWC)
  • Creating a Trailhead Module 
  • CRUD field level security vs. record level security
  • The importance of Apex and how it works within SQL queries
  • How to use schema to check if somebody has access to a record
  • What the Apex recipes project does and what functions support security
  • What Apex’s pilot user mode does and what the SOQL injection is for
  • An example of a successful injection attack and what it does to a web application 
  • What is a cross-site scripting attack?
  • Lightning Locker vs. content security policy (CSP)
  • How to enforce security in LWC
  • Some edge cases LWC developers need to worry about
  • Tips for securing data back in the database itself and protecting custom metadata



  1. Migrating Visualforce to LWC
  2. Alba on Twitter: @AlbaSFDC
  3. Alba on Linkedin:
  4. Alba on Github:
  5. Alba's post on security:

Episode source