Any official recommendation from salesforce to use this.

Scott Wells repo owner

Hi. No, there’s no official recommendation from Salesforce. The concern about where information is sent comes up regularly in security/InfoSec-style questionnaires from purchasers, and here’s the general response:

When installed, the plugin communicates with two external systems:

1. The Salesforce organizations which have been explicitly authenticated by the end user. For native connections (those managed by the product itself), all credentials are stored securely in JetBrains PasswordSafe. OAuth connections are managed by the Salesforce CLI, and only access tokens and refresh tokens are stored locally (again, by the Salesforce CLI), not credentials. All communications occur over HTTPS/SSL using the standard Salesforce SOAP and REST APIs.
2. The licensing servers at https://wyday.com, and if direct access is not allowed, offline activations can be used.

Salesforce source and metadata files are stored on the local machine in the project directory structure and are transferred to/from the connected Salesforce organizations.

No usage or telemetry data is ever transmitted by Illuminated Cloud 2, though depending on how it's configured, the host JetBrains IDE may do so. That can be disabled as well, though.

I’m happy to provide a response to a security questionnaire for this client as well if that helps to address any concerns.

2023-05-04T13:43:44+00:00

Comments (2)

Scott Wells repo owner
Hi. No, there’s no official recommendation from Salesforce. The concern about where information is sent comes up regularly in security/InfoSec-style questionnaires from purchasers, and here’s the general response:

When installed, the plugin communicates with two external systems:

1. The Salesforce organizations which have been explicitly authenticated by the end user. For native connections (those managed by the product itself), all credentials are stored securely in JetBrains PasswordSafe. OAuth connections are managed by the Salesforce CLI, and only access tokens and refresh tokens are stored locally (again, by the Salesforce CLI), not credentials. All communications occur over HTTPS/SSL using the standard Salesforce SOAP and REST APIs.
2. The licensing servers at https://wyday.com, and if direct access is not allowed, offline activations can be used.

Salesforce source and metadata files are stored on the local machine in the project directory structure and are transferred to/from the connected Salesforce organizations.

No usage or telemetry data is ever transmitted by Illuminated Cloud 2, though depending on how it's configured, the host JetBrains IDE may do so. That can be disabled as well, though.

I’m happy to provide a response to a security questionnaire for this client as well if that helps to address any concerns.
- 2023-05-04T13:43:44+00:00
Scott Wells repo owner
- changed status to resolved
- 2023-05-04T13:43:54+00:00
Log in to comment