I'm planning on creating an Talend as an ETL tool to migrate data between salesforce instances. I would like to know how secure is talend and is it saving the extracted data before sending it to the target environment?.
There are basic and OAuth2 login type.
For OAuth2 login type, you can access Salesforce.com by entering your consumer key and consumer secret. This way, your user name and password will not be exposed, but extra work is required.
Please take a look at component references about:TalendHelpCenter:tSalesforceInput and TalendHelpCenter:tSalesforceOutput.
What we can do is to make sure that Talend will be your best choice!
I believe the question was not about securely logging in to Salesforce but if data extracted via tSalesforceInput or data imported via one of the tSalesforceOutput(XXX) components is stored anywhere on the server running the job which is out of control of the user. The short answer would be: yes if you are using the Salesforce Bulk API and probably no if you are using the SOAP API. You are telling Talend to use the Bulk API if you either select "Bulk Query" in the "Query mode" of tSalesforceInput or if you use tSalesforce(Output)BulkExec. In this case, you may find "unsecure" extracts in the server's temp directory (with almost random file names). As you are planning to do a migration, you will probably want to use the Bulk API. You will have to test your scenario with non-production data and have a look at the running user's temp directory. Everything else can be controlled in the job design and cleared up at the end of a job (which is definitely necessary).
By the way: any uncontrolled usage of the running user's temp directory, especially when using tSalesforceInput in bulk mode, should be changed. It should be possible to specify the location and the name of such temporary files in the Salesforce components.
Last edited by JoRoesecke (2016-11-16 09:04:25)
The short answer is: do not try this unless you absolutely have to.
Long answer (just ideas):
If you want to start a Talend job from within Salesforce Apex code, one idea would be to expose a REST webservice created with Talend ESB. This webservice would need to be accessible by Salesforce, i.e. it must be exposed to the internet, which may raise quite some security discussions depending on your setup. This ESB service could then start your job. The ESB service could be started via a callout from Apex code.
Please do not ask me how to set up CORS or how to create a Talend ESB job. There is a lot of information to be found on the WWW.