Salesforce B2C Commerce 24.5 > B2C Commerce Security Guide

Security Best Practices for Administrators

⚠️ The annual cost of maintaining the server where this website is hosted, the domain, and keeping it up-to-date is approximately €3,000 per year. Help us with a small donation to cover these expenses. Support Now!

0 / 10000 €

You can use Business Manager to secure your site and ensure a safe online shopping environment for your customers. In doing so, you also secure Business Manager by preventing attackers from removing security controls that you previously configured.

  • Determine How to Block Attacks
    While Salesforce B2C Commerce provides security protections, customers are responsible for configuring security controls and for not removing security controls that are enabled by default. You must consider all of these aspects to maintain the security of your B2C Commerce instance.
  • Network Access Restrictions
    The network level is the first line of defense against attackers trying to access your assets. Salesforce B2C Commerce uses two mechanisms: one for storefronts and one for Business Manager.
  • Secure Communications
    Secure communications are crucial to prevent attackers from reading or changing sensitive information, for example, credit cards, personally identifiable information (PII), credentials, and so on. Within Salesforce B2C Commerce, you can secure these interactions using the following secure protocols.
  • Secure Storage
    Salesforce B2C Commerce stores many types of sensitive information, the most important being credit card details.
  • Authentication and Authorization
    Authentication and authorization are key security concepts. To configure security controls, you need access to Business Manager.
  • Security Event Auditing
    Salesforce B2C Commerce provides various log files, including a security log. The security log contains log entries for Business Manager logins.
  • Denial-of-Service Protection
    In a denial-of-service (DoS) attack, the attacker attempts to deny computer resources to a network’s users. Attackers usually accomplish this by overwhelming the target computer system’s resources with unauthorized requests, which prevent valid users from accessing the network.
  • Data Privacy and Protection
    The Salesforce B2C Commerce Services have a robust data security and privacy program in place. For information on Data Privacy and Protection and related topics, see the referenced resources.

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.