What is Salesforce?

Salesforce.com is a vendor of Customer Relationship Management (CRM) solutions, which it delivers to businesses over the Internet using the software as a service model.

History

Origins

Salesforce.com was founded in 1999 by former Oracle executive Mac Benioff . In June 2004, the company went public on the New York Stock Exchange under the stock symbol CRM. Initial investors in salesforce.com were Marc Benioff,Larry Ellison,Halsey Minor, Magdalena Yesil and Igor Sill, Geneva Venture Partners.

Current status

Salesforce.com is headquartered in San Francisco, California, with regional headquarters in Dublin (covering Europe, Middle East, and Africa), Singapore (covering Asia Pacific less Japan), and Tokyo (covering Japan). Other major offices are in Toronto, New York, London, Sydney, and San Mateo, California. Salesforce.com has its services translated into 16 different languages and currently has 55,400 customers and over 1,500,000 subscribers. In 2008, Salesforce.com ranked 43rd on the list of largest software companies in the world.

Products and Services

Customer Relationship Management

Salesforce.com’s CRM solution is broken down into several applications: Sales, Service & Support, Partner Relationship Management, Marketing, Content, Ideas and Analytics.

Force.com Platform

Salesforce.com’s Platform-as-a-Service product is known as the Force.com Platform. The platform allows external developers to create add-on applications that integrate into the main Salesforce application and are hosted on salesforce.com’s infrastructure.

These applications are built using Apex (a proprietary Java-like programming language for the Force.com Platform) and Visualforce (an XML-like syntax for building user interfaces in HTML, AJAX or Flex).

AppExchange

Launched in 2005, AppExchange is a directory of applications built for Salesforce by third-party developers which users can purchase and add to their Salesforce environment. As of September 2008, there are over 800 applications available from over 450 ISVs.

Customization

Salesforce users can customize their CRM application. In the system, there are tabs such as “Contacts”, “Reports”, and “Accounts”. Each tab contains associated information. For example, “Contacts” has standard fields like First Name, Last Name, and Email.

Customization can be done on each tab, by adding user-defined custom fields.

Customization can also be done at the “platform” level by adding customized applications to a Salesforce.com instance, that is adding sets of customized / novel tabs for specific vertical- or function-level (Finance, Human Resources, etc) features.

Web Services

In addition to the web interface, Salesforce offers a Web Services API that enables integration with other systems.

Mobile support

In April 2009, Salesforce released a slimmed down version of their application for subscribers with Blackberry, iPhone, and Windows mobile devices

Languages

English, Dutch, Spanish, German, French, Finnish, Swedish, Japanese, Italian, Portuguese (Brazilian), Korean, Russian, Thai, Danish, Simplified Chinese and Traditional Chinese. Application and online help & training documentation are available in these languages.

Also, end user languages are available in Hungarian, Czech, Turkish, Polish, Lithuanian, Latvian & Estonian.

Other

Other technologies in use at salesforce.com are Resin Application Server, and the in-house technologies Apex (a Java-like programming language and programming platform) and S-controls (Salesforce widgets – these are predominantly based on JavaScript).

ADVANTAGES

Cloud Computing

These new ways of building and running applications are enabled by the world of cloud computing, where you access applications, or apps, over the Internet as utilities, rather than as pieces of software running on your desktop or in the server room. This model is already quite common for consumer apps like email and photo sharing, and for certain business applications, like customer relationship management (CRM).

Force Platform is the world’s first Platform as a Service (PaaS), enabling developers to create and deliver any kind of business application in the cloud, entirely on-demand Platform App and without software

Data-Centric Apps

A data-centric app is an application that is based on structured, consistent information such as you might find in a database or an XML file.We can find these data-centric apps everywhere, in small desktop databases like Microsoft Access or FileMaker, all the way to the huge systems running on database management systems like Oracle or MySQL. Unlike applications that are built around unstructured data, like plain text documents or HTML files, data-centric apps make it easy to control, access, and manage data.

• Unparalleled time to value. Salesforce.com minimizes the risk involved in implementing business applications like CRM by eliminating the need for up-front capital investment, making the path to CRM success exceptionally short. Salesforce implementations usually take less than a month and rarely exceed three months, compared to 12 months or longer with client/server software. According to a recent study by Triple Tree and the Software and Information Industry Association (SIIA), on-demand deployments are 50 to 90 percent faster, with a total cost of ownership five to ten times less than installed software.
• Less expensive initially-and in the long run. It’s easy to see why a multitenant, on-demand solution is much less expensive initially. There is no hardware to purchase, scale, and maintain, no operating systems, database servers, or application servers to install, no consultants and staff to manage it all, and no need for periodic upgrades.
• Easy upgrades. Customers of on-demand applications benefit from instant deployment of new versions, which means the entire customer base is always on the latest version. Since customizations and integrations are maintained through upgrades, change management discussions can focus on taking immediate advantage of the new features and innovations available with each release.
• Better service delivery. Due to the on-demand model’s tremendous economies of scale and our seven-year focus on service delivery, salesforce.com can provide higher service levels than the vast majority of companies can achieve on their own. We use the best technologies, policies, and procedures to ensure security at the facilities, application, and network level; to ensure maximum uptime and continuous availability; and to provide a performance record we’re proud of. In fact, we’re the only vendor who makes performance statistics available on a public site: http://trust.salesforce.com.
• Better scalability. Successful businesses are continually changing and growing: Employee growth, transaction growth, the launching of new products and services, mergers and acquisitions, or any number of business events can dramatically and suddenly alter business needs.
• Easier to customize. Users of on-premise solutions have no choice but to wait weeks or months for even minor modifications to their applications, and in some cases their requests are never met at all. The Salesforce application was designed from the beginning to make performing basic customizations to the user interface and underlying data objects easy, so that even business users could customize in minutes, without programming. Without the burden of fulfilling constant requests for minor customizations, IT is free to concentrate on performing more advanced customizations, such as associating specific behavior with objects that can be triggered by a wide range of system events.
• Users are more satisfied and productive. A major reason on-premise deployments often fail is because of low user adoption-data that’s cluttered or difficult to get to quickly results in user resistance. Salesforce’s award-winning, easy-to-use interface has resulted in the highest user adoption rates in the industry.
• Easier for administrators. Administrators can tailor processes and define how data is viewed for different departments and work groups, while ensuring that users can access only that data for which they are authorized. Salesforce’s ease of use extends to its administration functions. In fact, Forrester named Salesforce the “#1 On-Demand CRM Solution for Administration.”
• Nurturing true value and innovation. By eliminating many of the problems related to traditional application development, the on-demand model frees developers to focus on developing solutions that deliver real business value. Salesforce.com supports developers with a host of on-demand development tools-including a point-and-click customization tool, toolkits for the most popular development environments, and the upcoming Force.com programming language-Apex-as well as the Force.com Developer Network. The Force.com community has grown rapidly, resulting in hundreds of innovative solutions that are made available to customers via the AppExchange directory, salesforce.com’s popular marketplace for pre-integrated, on-demand applications.

Disadvantages

Detractors claim that sales force management systems are:

• difficult to work with
• require additional work inputting data
• dehumanize a process that should be personal
• require continuous maintenance, information updating, and system upgrading
• costly
• difficult to integrate with other management information systems

Technologies Behind a Force Platform App

Multitenant architecture :

An application model in which all users and apps share a single, common infrastructure and code base.

Metadata-driven development model:

An app development model that allows apps to be defined as

declarative “blueprints,” with no code required. Data models, objects,forms, workflows, and more are defined by metadata.

Force PlatformWeb Services API:

An application programming interface that defines a Web service that provides direct access to all data stored in Force Platform from virtually any programming language and platform

Apex:

The world’s first on-demand programming language, which runs in the cloud on Force Platform servers

Visualforce

A framework for creating feature-rich user interfaces for apps in the cloud

Force Platform Sites

Public websites and applications that are directly integrated with your Salesforce organization-without requiring users to log in with a username and password

AppExchange directory

A Web directory where hundreds of AppExchange apps are available to Salesforce customers to review, demo, comment upon, and/or AppExchange directory install. Developers can submit their apps for listing on the AppExchange directory if they want to share them with the community.

Future

• A shift from the mainframe to client/server systems, resulting in a move from legacy systems to packaged enterprise systems.
• The rise of the PC, resulting in unprecedented user productivity-as well as a proliferation of data islands.
• The rise of the Internet and perpetual network access, which led to an information explosion and changed the way millions of people work, play, and shop.
• The emergence of Web services standards and technologies such as multitenant architectures.
• The move towards service oriented architecture (SOA) approaches by most major software vendors, making integration with back-end systems easier.
• The emergence of the on-demand model, which shifted the software market from an ownership to a “rental” model, freeing businesses from ownership hassle and expense. Salesforce.com is one of the most successful examples of this model, with 35,300 customers and more than 575 applications.

Applications Developed in Salesforce

All of the public web sites listed here have been built with Force.com Sites and run on the Force.com platform.

http://developer.force.com/sitesgallery

Currently, at digicorp we are developing an healthcare application on salesforce platform some brief overview about the application is as follows:

Used to store patient’s details like, Vital, Allergies, Medications order, Radiology order, Lab order, Referral order, Patient’s history etc. User can generate the messages for different type of orders to clerk/provider to enter into system/signoff respectively. It alos allows to store scanned documents of patients’ documents and generate the message to the provider as well. It allows to print the reports of Patient visits, orders, documents etc.

Original Content From:

http://www.salesforce.com

http://en.wikipedia.org/wiki/Salesforce.com

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. This vulnerability is present when user input is manipulated for string literal escape characters embedded in SQL statements or user input is not sufficiently filtered and thereby unexpectedly executed.

How SQL Injection looks like?

Basic SQL Injections

If anybody want to pull up the records of particular user name from the user information table and if “username” variable is set as

X‘ OR ‘Y‘ = ‘Y

By inputting the above code as user name , Let see how’s it work at back end?

SELECT * FROM UserInformation WHERE UserName = ‘X’ OR ‘Y’ = ‘Y’

If we use this type of code were in an authentication procedure then this example could be used to force the selection of a valid “username” because the evaluation of ‘Y’='Y’ is always true and you will be logged in as the user on top of the SQL table.

Same way if the “username” variable is set as

X‘ OR 1 = 1 –-

If we use double dashes (–) than at the back end these dashes at the end tell the SQL server to ignore the rest of the query.

SELECT * FROM UserInformation WHERE UserName = ‘X’ OR 1 = 1 –-‘

Same way more SQL Injection syntaxes are:

‘) OR (‘1’ = ‘1

‘ OR ‘1’ = ‘1

‘ OR 1 = 1

“ OR “1”= “1

“ OR 1 = 1 –-

OR 1 = 1 –-

How can we get free from SQL Injection?

• Validate all input before using it.We can validate the input by this way.Reject the input that contains the following characters:

1. Single Quote(‘)

2.  Dash ( – )

3.  /* and */

4. Semicolon ( ; )

• User parameterized input with stored procedures: Stored procedures may be susceptible to SQL injection if they use unfiltered input. So all the input provided to the stored Procedures is provided in the form of parameters

• Filtering input: Replace a Single Quote (‘) with two Single Quotes (‘’) to filter the input.

• Limit the database permission: Use a limited access account to connect to the database

• Don’t store secrets in plain text: Encrypt or hash passwords and other sensitive data; you should also encrypt connection strings

• Exceptions should divulge minimal information: Don’t expose too much information in error messages; display minimal information in the event of error handling.

Reference :

http://en.wikipedia.org/wiki/SQL_injection

http://www.secureworks.com/research/articles/sql-injection-attacks

The blog is SQLAuthority and is written by highly talented individual Pinal Dave.

Pinal Dave is Microsoft SQL Server MVP and author of over 800 SQL Server articles. He has over six years experience as Sr. Project Manager and Principal Database Administrator in MS SQL Server 2008/2005, .NET (C#) and ColdFusion MX. He has a Masters of Science degree in Computer Networks, along with MCDBA, MCAD(.NET) and ColdFusion Advanced MX Certifications.

Here is the link of the article.

Please do read it and leave your comments.