Use a Positive Security Model

A positive security model, also known as a safelist approach, defines what is allowed and rejects everything else. Use this approach so that only known good input is accepted, instead of trying to disallow all possible bad input.

In addition, take the following precautions.

  • When validating user data input, verify the input against a safelist of alphanumeric characters instead of filtering out bad input.
  • When configuring an access control area, deny access to everything and allow access only to specific authorized resources or functions.
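
The two precautions above, as an added example that is not part of the original page: an allowlist validator shown beside a denylist filter for contrast, and a default-deny access check. The ASCII-only character set, the 32-character limit, the role and resource names, and all sample inputs are assumptions constructed for illustration.

```python
import re

# Safelist: ASCII letters and digits only, 1-32 characters (both limits are assumptions).
# fullmatch() anchors both ends; re.match(r"^[A-Za-z0-9]+$") would accept a trailing "\n",
# and str.isalnum() would accept non-ASCII letters such as fullwidth forms.
_SAFE_INPUT = re.compile(r"[A-Za-z0-9]{1,32}")

def is_valid_input(value):
    """Positive model: accept only what matches the safelist, reject everything else."""
    return isinstance(value, str) and _SAFE_INPUT.fullmatch(value) is not None

# Denylist shown for contrast: it rejects only the characters someone thought of.
_BAD_CHARS = set("<>'\";")

def denylist_accepts(value):
    return not any(ch in _BAD_CHARS for ch in value)

# Access control: explicit grants per role (constructed sample policy).
_GRANTS = {
    "viewer": {("report", "read")},
    "editor": {("report", "read"), ("report", "write")},
}

def is_allowed(role, resource, action):
    """Default deny: an unknown role, resource or action falls through to False."""
    return (resource, action) in _GRANTS.get(role, set())

# Constructed sample inputs: one good value, then values a denylist lets through.
SAMPLES = ["alice01", "alice01\n", "a b", "a|b", "ａｌｉｃｅ", "", "x" * 33]

def compare(samples=SAMPLES):
    """Return (input, safelist verdict, denylist verdict) for each sample."""
    return [(s, is_valid_input(s), denylist_accepts(s)) for s in samples]

if __name__ == "__main__":
    for s, allow, deny in compare():
        print(f"{s!r:40} safelist={allow!s:5} denylist={deny}")
    for request in [("viewer", "report", "read"), ("viewer", "report", "write"),
                    ("guest", "report", "read")]:
        print(request, "->", is_allowed(*request))
```

Only the first sample passes the safelist, while the denylist accepts every sample because none contains a character it was told to look for.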