Fail Securely

Fail securely means implementing decision logic that puts systems into a secure state when errors occur. Handling errors securely ensures that error paths, such as exceptions, don't disclose additional information that would not otherwise be available. Attackers can use this additional information to learn how to attack the system.

Here are some best practices.

  • Don't use an error message that discloses information about the web server configuration because it can help an attacker identify potential weaknesses.
  • Use a generic “username and/or passphrase is invalid” message instead of “username not found” or “password is incorrect” to prevent user enumeration.
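
The following sketch is an added example, not code from the original page. It shows a login check that denies by default, returns the same generic message for an unknown user and a wrong passphrase, and keeps exception detail in the server log. The user store, the `lookup` and `login` functions, the `db-down` trigger and the host name in the simulated error are all hypothetical and constructed for illustration.

```python
import hashlib, hmac, logging, os, uuid

log = logging.getLogger("auth")
GENERIC_FAILURE = "username and/or passphrase is invalid"
GENERIC_ERROR = "The request could not be completed."

def _hash(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

# Constructed sample user store (hypothetical; stands in for a real database).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY = (os.urandom(16), os.urandom(32))

def lookup(username: str):
    if username == "db-down":  # constructed trigger that simulates a backend failure
        raise ConnectionError("db.internal:5432 refused connection")
    return USERS.get(username)

def login(username: str, passphrase: str) -> dict:
    allowed = False            # default deny: only an explicit success changes this
    message = GENERIC_FAILURE
    try:
        record = lookup(username)
        salt, stored = record if record else _DUMMY
        match = hmac.compare_digest(_hash(passphrase, salt), stored)
        allowed = bool(record) and match
        if not allowed:
            # Which half failed is recorded server-side only.
            log.info("login failed user=%r known=%s", username, bool(record))
    except Exception:
        ref = uuid.uuid4().hex[:8]
        log.exception("login error ref=%s", ref)   # stack trace stays in the log
        allowed, message = False, f"{GENERIC_ERROR} (ref {ref})"
    return {"allowed": allowed, "message": "ok" if allowed else message}
```

The reference id in the error response lets support staff find the logged exception without the client ever seeing the backend detail.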