How to secure an AJAX call from a Facebook canvas application.
Posted by user259349 on Stack Overflow
Published on 2010-05-18T05:03:48Z
Indexed on 2010/05/18 5:10 UTC
Reading this Ajax example,
http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example
I found the following line. I'm not sure what to understand from it. How do you "check the sig values per Platform spec"?
"Note: For brevity's sake we are trusting $_POST['fb_sig_user'] without checking the full signature. This is unsafe as anyone could easily forge a user's action. Always be sure to either use the Facebook object which is supplied with the client libraries, or check the sig values per Platform spec"
© Stack Overflow or respective owner
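
The check the quoted note refers to, as an added example (not part of the original question and not Facebook's client library code). It assumes the legacy Platform signature scheme, in which `fb_sig` is the MD5 of the sorted `name=value` pairs of all `fb_sig_*` parameters (prefix stripped) followed by the application secret; the function name, `$maxAge` and the sample values are hypothetical.

```php
<?php
// Added example: validate fb_sig before trusting $_POST['fb_sig_user'].
// Assumption: legacy scheme, fb_sig = md5(sorted "name=value" pairs . app secret).

function fb_signed_params(array $request, string $appSecret, int $maxAge = 3600): ?array
{
    if (!isset($request['fb_sig']) || !is_string($request['fb_sig'])) {
        return null; // unsigned request: nothing in it can be trusted
    }
    $prefix = 'fb_sig_';
    $params = [];
    foreach ($request as $name => $value) {
        // Only fb_sig_* fields are covered by the signature; skip arrays and other fields.
        if (is_string($name) && strpos($name, $prefix) === 0 && is_string($value)) {
            $params[substr($name, strlen($prefix))] = $value;
        }
    }
    ksort($params, SORT_STRING); // the signature base string is built in key order
    $base = '';
    foreach ($params as $name => $value) {
        $base .= $name . '=' . $value;
    }
    $expected = md5($base . $appSecret);
    // hash_equals() compares in constant time, so the check leaks no timing information.
    if (!hash_equals($expected, strtolower($request['fb_sig']))) {
        return null; // forged or tampered parameters
    }
    // Assumption: fb_sig_time is a Unix timestamp; reject stale (replayed) requests.
    if (!isset($params['time']) || abs(time() - (float) $params['time']) > $maxAge) {
        return null;
    }
    return $params; // verified values, e.g. $params['user']
}

// Constructed sample request; the secret and user ids are placeholders.
$secret = 'EXAMPLE_APP_SECRET';
$post = ['fb_sig_user' => '1234', 'fb_sig_time' => (string) time(), 'comment' => 'hi'];
$post['fb_sig'] = md5('time=' . $post['fb_sig_time'] . 'user=1234' . $secret);

var_dump(fb_signed_params($post, $secret) !== null); // correctly signed request

$post['fb_sig_user'] = '9999'; // user id changed after signing
var_dump(fb_signed_params($post, $secret) === null); // signature no longer matches
```

In the AJAX handler, read the user id from the returned array rather than from `$_POST` directly. Fields outside `fb_sig_*` (such as `comment` here) are not covered by the signature and remain untrusted input.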