In March 2020 (after the Spring ’20 Release), Salesforce will start enforcing new security policies specifically for Salesforce public sites (Force.com, Site.com, and Communities). The schedule for rollout will be released in February 2020.
Who does this impact?
All customer organizations with Salesforce Sites, Site.com sites, legacy portals, or community sites. If you aren’t sure whether this impacts your organization, consider that if Salesforce is driving any content that your customers or partners can access, it most probably affects you. For example, this will affect our Simple Survey customers, as the Simple Survey Landing Page uses a Site.com site to present the survey questions and capture the customer responses.
What is this release about? How will this release affect you?
Simply put, the goal is to improve security by enforcing authentication where possible, locking down access to the site guest user. Enabling this limits the visibility and access that guest users have to your org’s data. Let’s review some of the new rules.
What accommodations need to be made for Simple Survey?
We have had to remove a setting that allowed customers to bypass the default sharing model in Simple Survey and create their own security logic. Customers may want to remove any custom sharing settings created for Simple Survey as the new default sharing logic handles everything properly by default. We are performing a push update to all sandbox and production orgs in advance of Salesforce’s rollout to prevent issues related to this setting.
Will this release impact me?
You should test your org to ensure you identify any needed security changes needed. Starting in Winter ‘20, you can test upcoming security changes in your org at no risk, allowing you to roll back at any time. To do so, go to Setup > Security Controls > Security Alerts and follow the steps in each security alert.
We recommend that you have a testing plan to test the changes as stated above. To get started, use the SAMPLE TEST PLAN that Salesforce has provided, which can be found here.
Here is Salesforce documentation about more ways to secure your site: