How to secure an AJAX call from a facebook canvas application.

Posted by user259349 on Stack Overflow See other posts from Stack Overflow or by user259349
Published on 2010-05-18T05:03:48Z Indexed on 2010/05/18 5:10 UTC
Read the original article Hit count: 403

Reading this Ajax example,

http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example

I found the following line. I'm not sure what to understand out of it, how do you "check the sig values per Platform spec"?

"Note: For brevity's sake we are trusting $_POST['fb_sig_user'] without checking the full signature. This is unsafe as anyone could easily forge a user's action. Always be sure to either use the Facebook object which is supplied with the client libraries, or check the sig values per Platform spec"

© Stack Overflow or respective owner

Related posts about facebook-application

Related posts about facebook