Security Misconfiguration

Security misconfiguration occurs when security settings are not implemented or are configured incorrectly. This can happen at any level of an application stack, including the web server, application server, database, platform, or framework. Attackers can exploit security misconfigurations to gain unauthorized access, escalate privileges, and execute arbitrary code.

Anti-patterns

Hardcoded IDs in code

Record IDs change between environments. For this reason, any logic that uses hardcoded IDs will fail when deployed to a different Salesforce environment.

Hardcoded callouts authentication

Named credentials make callouts much easier to maintain. For example, if an endpoint URL changes, a named credential lets you update it without any code changes. Furthermore, named credentials do not need remote site settings, which are otherwise required for callouts to external sites via Apex.

Hardcoded IDs in flow

Record IDs change between environments. For this reason, any logic that uses hardcoded IDs will fail when deployed to a different Salesforce environment.

Disabled Lightning Locker

Lightning Locker is the built-in security architecture for Lightning components. It enhances security by enforcing several best practices, including blocking access to specific APIs and framework internals. Lightning Locker is disabled for an Aura component when the component's Salesforce API version is set to 39.0 or lower. If a component uses API version 40.0 or later, Lightning Locker is enabled.

Autocompletion enabled on password fields

The user's browser can save and remember values entered into input fields that have autocomplete enabled. This might reveal sensitive information such as passwords, especially on public and multi-user computers.

Hardcoded IDs in configuration

Record IDs change between environments. For this reason, any logic that uses hardcoded IDs will fail when deployed to a different Salesforce environment.