Misc Flashcards

1
Q

HTTP Status Codes for REST API

A

200 - OK Status code for GET or HEAD
201 - Created Success Code for POST
204 - No Content Success Code for Delete
300 - External ID exists in more than one record
304 - The request content has not changed since a specified date and time
400 - Bad Request. Couldn’t be understood. Error in JSON/XML
401 - Session Id or OAuth token is invalid/expired
403 - Request refused. Check user permission
404 - Requested resource couldn’t be found
500 - Error with Force.com. Contact Salesforce support

2
Q

What can the Chatter REST API access?

A

Feeds

Users, Groups, Followers and Files

3
Q

What is different with Chatter REST API?

A

Supports applications built on Social data.

Pre-aggregation of data from different objects
/chatter/users/me

Data automatically localized to the User’s time zone and language

Built-In Pagination
nextPageURL, currentPageURL

Structured for rendering on web sites and mobile devices

Easy object relationship traversal

4
Q

Examples of Chatter REST API

A

Requesting a news feed. GET()
/services/data/v30/chatter/feeds/news/me/feed-items

Updating a user’s status. POST() with the update in the request body
/services/data/v30/chatter/feeds/news/me/feed-items

@mention. Include the user ID and the text to mention in the request body
/services/data/v30/chatter/feeds/news/me/feed-items/feeditemid/comments

5
Q

Design Patterns when using SOAP API from multiple external applications.

A

  • Wrapper Class
    Contains generic logic for reuse. Includes methods for login and session management, query patterns, CRUD operations and exception handling. Does not contain application-specific code.
  • Delegator Class
    Instantiates a wrapper class. Delegates or assigns tasks to other objects and methods. May not be reusable if it contains app-specific logic.
  • Helper Class
    Provides additional functionality like logging (log4j) and data mapping. Store the system-to-system map in a table or XML file and read it at run time.
6
Q

What are the types of XSS?

A

Reflective XSS

  • Triggers off of a link
  • Interactive

Stored XSS

  • Persistent
  • Triggers when the exploited page is viewed

DOM XSS

  • Similar to Reflective XSS
  • Attack is not embedded in the page
7
Q

How are XSS attacks delivered?

A

Email
Pop-ups
Web Pages

8
Q

When does Visualforce not perform automatic encoding?

A

escape = "false"
includeScript
Inline JavaScript
on* events like onclick
style=""
helpTitle = ""
Bare HTML {!blah}
9
Q

How does Visualforce protect against CSRF attacks?

A

It includes a CSRF token as part of the view state which is unique for a user and page.

HTTP GET requests are not CSRF safe. Do not use GET parameters to perform DML operations. Use a form POST.
