Use Secure Defaults

As an administrator, you want to make the user experience secure while reducing the number of security settings that users must configure themselves. Configure security settings so that users must opt out of the secure default rather than opt in to it. If a feature carries a security risk, label the insecure functionality clearly in APIs and in the user interface so that its use is discouraged.

Here are some examples.

  • Name a function that inserts unescaped markup "dangerousInlineHTML" rather than "inlineHTML", so the risk is visible at every call site.
  • Business Manager enforces security questions for password reset by default. This setting should always be enabled, but customers can choose to disable it if their business demands it.
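The two examples above, worked through in code. This is an added illustration, not code from the page or from Business Manager: the helper names (inlineText, dangerousInlineHTML, passwordResetSettings) and the option keys (allowRawHtml, optOutReason) are hypothetical, and the review text is constructed input.

```javascript
// Added example (not from the original page): a template helper and a settings
// loader where the secure behaviour is the default and the insecure path is
// opt-in and clearly labelled. All function and option names are hypothetical.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Default path: every value is HTML-escaped before it reaches the page.
function inlineText(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Opt-in path: the name flags the risk at every call site, and the caller must
// pass an explicit acknowledgement so raw markup is never emitted by accident.
function dangerousInlineHTML(rawHtml, options = {}) {
  if (options.allowRawHtml !== true) {
    throw new Error('dangerousInlineHTML: pass { allowRawHtml: true } to emit unescaped markup');
  }
  return String(rawHtml);
}

// Secure-by-default setting: omitting the key keeps the secure value, and
// turning it off requires a stated reason so the opt-out is auditable.
const PASSWORD_RESET_DEFAULTS = Object.freeze({ requireSecurityQuestions: true });

function passwordResetSettings(overrides = {}) {
  const settings = { ...PASSWORD_RESET_DEFAULTS, optOutReason: null };
  if (overrides.requireSecurityQuestions === false) {
    const reason = overrides.optOutReason;
    if (typeof reason !== 'string' || reason.trim() === '') {
      throw new Error('disabling security questions requires a non-empty optOutReason');
    }
    settings.requireSecurityQuestions = false;
    settings.optOutReason = reason.trim();
  }
  return settings;
}

// Constructed input: untrusted review text is escaped unless a caller
// deliberately reaches for the dangerous function.
const review = '<b>Great</b> & "cheap"';
console.log(inlineText(review));
console.log(passwordResetSettings());
```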