Salesforce B2C Commerce 24.7 > B2C Commerce Security Guide > General Security Best Practices

Minimize the Attack Surface

The aim for secure development is to reduce the overall risk by reducing the attack surface that’s exposed to potential attackers. Every port you open, every external library you use in your code, and every user you give access to your data creates a new attack surface. Reduce the overall risk to the system by minimizing the attack surface.

Here are some examples.

  • A server running unnecessary services such as FTP, SMB, and Telnet gives the attacker an opportunity to exploit a vulnerability in any of those listening services.
  • A web API built with only HTTPS exposed on the server minimizes attackable ports and prevents eavesdropping.
  • A feature that uses many third-party libraries in the code, some of which you might not need, is vulnerable to potential issues in any of those libraries.

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.