One of the common issues we face when integrating with Salesforce is handling the different environments of legacy applications and connecting each one to the right Salesforce sandbox. For example, if an application has a dev environment that connects to a development sandbox, how can we ensure that the dev environments of legacy applications never connect to the production version of Salesforce? The same problem applies in the other direction, for callouts made from Salesforce. Here are common solutions to handle the problem.
a. Having a unique user ID and password for each sandbox's integration might ensure that the dev version of the legacy application will not connect to the production version. However, this adds maintenance overhead.
b. Using IP filtering in Salesforce and blocking requests from dev environments might help to secure the data in production. But if the legacy application sits behind a reverse proxy, the IPs might not be reliable.
c. The permanent solution is to use the machine names of the legacy environment and map them to a custom setting property in Salesforce. The legacy application sends the name of the server it is running on to Salesforce as a request parameter. In addition to the login authentication, Salesforce checks the request's environment parameter: if it matches the server name in the custom property, Salesforce allows the connection; otherwise it throws a custom error exception to the service.
The above 3 solutions help to solve the problem of multiple environments connecting to Salesforce, so that the right environments always connect to each other.
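
One way to implement option c as an Apex REST endpoint; this is an added example, not code from the original post. The custom setting `Integration_Environment__c`, its field `Allowed_Server_Name__c`, the `sourceServer` request parameter, and the class and URL names are assumptions made for illustration.

```apex
// Hypothetical names throughout: Integration_Environment__c (hierarchy custom
// setting), Allowed_Server_Name__c (text field), sourceServer (request parameter).
@RestResource(urlMapping='/legacy/inbound/*')
global with sharing class LegacyInboundService {

    // Thrown when the caller's declared server is not the one mapped to this org.
    public class EnvironmentMismatchException extends Exception {}

    // Compares the declared server name with the org-level custom setting value.
    // Fails closed: a missing or blank setting rejects every caller.
    @TestVisible
    private static void assertCallerEnvironment(String declaredServer) {
        Integration_Environment__c cfg = Integration_Environment__c.getOrgDefaults();
        String allowed = (cfg == null) ? null : cfg.Allowed_Server_Name__c;
        if (String.isBlank(allowed) || String.isBlank(declaredServer)
                || !allowed.trim().equalsIgnoreCase(declaredServer.trim())) {
            throw new EnvironmentMismatchException(
                'Caller environment is not mapped to this Salesforce org');
        }
    }

    @HttpPost
    global static void receive() {
        RestRequest req = RestContext.request;
        RestResponse res = RestContext.response;
        res.addHeader('Content-Type', 'application/json');
        try {
            // The name is declared by the caller, so this catches a miswired
            // environment; login authentication still decides who may connect.
            assertCallerEnvironment(req.params.get('sourceServer'));
        } catch (EnvironmentMismatchException e) {
            res.statusCode = 403;
            res.responseBody = Blob.valueOf(JSON.serialize(
                new Map<String, String>{ 'error' => e.getMessage() }));
            return;
        }
        // Environment matches: the integration's normal processing goes here.
        res.statusCode = 200;
        res.responseBody = Blob.valueOf(JSON.serialize(
            new Map<String, String>{ 'status' => 'accepted' }));
    }
}
```

Each sandbox and production holds its own value in the custom setting, so the same code deployed everywhere accepts only the legacy server mapped to that org.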