Geek Answers Handbook

Javascript Security for Javascript

I am using the javascript sdk framework to provide custom login functions for a website.

What I would like to do is simply take the registered facebook user unique identifier and then put / extract data to / from the mysql database using the identifier to determine what data is available for the specified user.

However, I really don’t feel that it is very safe. Although I do not store anything sensitive like credit card information, etc., I would prefer it to be as secure as possible.

My fear is that with the fact that javascript is what it is, someone can fake the facebook id and just pull whatever it wants.

I know that php sdk will provide a solid solution to this problem, but I like JavaScript mainly because it is easy to use and I have the basis for creating it (I admit it, I'm lazy).

So my questions are:

  • Would it be determined to be as uncertain as I think?

  • Is there anything I can do to increase the security of such a system besides switching to php sdk?

Thank!

+5
source share
2 answers

Facebook IDs are pretty hard to do (most users will only know their own). Depending on what you store in the database (which will not be anything that the user will not be able to obtain on their own unless you ask for extended permissions)

, , , facebook, . .

, :

* A signed_request is passed to Apps on Facebook.com when they are loaded into the Facebook environment
* A signed_request is passed to any app that has registered an Deauthorized Callback in the Developer App whenever a given user removes the app using the App Dashboard
* A signed_request is passed to apps that use the Registration Plugin whenever a user successfully registers with their app

, , ( , ). - .

URL- (param = "signed_request" ). #, , javascript

+4

, curl. , Facebook , . , , iframe pass. , , Facebook, , iframe .

+1

More articles:


All Articles