How to secure an AJAX call from a facebook canvas application.

Posted by user259349 on Stack Overflow See other posts from Stack Overflow or by user259349
Published on 2010-05-18T05:03:48Z Indexed on 2010/05/18 5:10 UTC
Read the original article Hit count: 398

Filed under:

facebook-application

|

facebook

|

AJAX

Reading this Ajax example,

http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example

I found the following line. I'm not sure what to understand out of it, how do you "check the sig values per Platform spec"?

"Note: For brevity's sake we are trusting $_POST['fb_sig_user'] without checking the full signature. This is unsafe as anyone could easily forge a user's action. Always be sure to either use the Facebook object which is supplied with the client libraries, or check the sig values per Platform spec"

© Stack Overflow or respective owner

Related posts about facebook-application

football manager facebook application

as seen on Stack Overflow - Search for 'Stack Overflow'
hey guys i'm about to begin a football manager inspired facebook application in php/mysql and had a couple of questions: 1) where would be the best place to host the database? any services offered within great britain would be excellent! 2) does anyone have any ideas on how i could use player statistics… >>> More
Facebook Application Development - Tips For Owners and Designers

as seen on Ezine Articles - Search for 'Ezine Articles'
Facebook applications are an innovation aimed to help their owners to make the most of one of the largest social networks. But like any other popular novelty, this Facebook option raises a lot of questions too. In this article you will find tips and recommendations which can be helpful when planning… >>> More
facebook application description

as seen on Stack Overflow - Search for 'Stack Overflow'
is it possible to return Facebook Application Description just like we can return Application Name using >>> More
Project host for a small group developing a Facebook application

as seen on Stack Overflow - Search for 'Stack Overflow'
I am starting a Facebook application with a couple of friends. What good, free, online, collaborative project hosts can we use from home? So far I am thinking about something similar to git, but with a graphical interface maybe. >>> More
How to invite users to connect to your application using Facebook Application Development interfaces

as seen on Stack Overflow - Search for 'Stack Overflow'
I think that this question already questioned, and probably the answer is here: http://wiki.developers.facebook.com/index.php/Notifications.send but the real problem is that facebook says: Facebook discontinued support for this method March 1, 2010. Calling this method returns error code 3 -- Unknown… >>> More

Related posts about facebook

La rubrique Qt sur Facebook, devenez vous aussi fan et suivez l'actualité Qt depuis Facebook

as seen on Developper.com - Search for 'Developper.com'
Comme vous l'avez probablement remarqué, les réseaux sociaux explosent de partout, Developpez.com et toutes ses rubriques se doivent donc, comme toujours auparavant, de suivre l'évolution en s'ouvrant à ces réseaux sociaux. Vous pouvez donc désormais suivre l'actualité de la rubrique sur Facebook… >>> More
facebook application using iframe on Facebook Developer Toolkit 3.0

as seen on Stack Overflow - Search for 'Stack Overflow'
hey i am trying to build facebook iframe application using the Facebook Developer Toolkit 3.01 asp.net c#. i am working by the ifrmae sample of the toolkit can be download here. www.facebooktoolkit.codeplex.com/releases/view/39727 this is my facebook application that is the same as the iframe sample… >>> More
Obtain information from Facebook public profiles through Facebook API

as seen on Stack Overflow - Search for 'Stack Overflow'
I've started a little project about marketing research over social networks. Basically we need to gather information from public profiles and conduct some statistical analysis over this data. I want to know if the Facebook API lets you query information from the public profiles without them having… >>> More
Facebook event creation through iPhone app and Facebook Connect

as seen on Stack Overflow - Search for 'Stack Overflow'
How is this done? Is it even possible? All the function calls seem correct, but the result is always false: NSString *event = @"{\"name\":\"A party\",\"start_time\":\"1215929160\",\"end_time\":\"1215929160\",\"location\":\"Somewhere\"}"; NSDictionary *params = [NSDictionary dictionaryWithObject:event… >>> More
Example to get Facebook Events using sdk v4 from fan page into Wordpress site [on hold]

as seen on Stack Overflow - Search for 'Stack Overflow'
Been trying to update to the new FB php sdk v4 for pulling events into my website, but having trouble finding how to do it. I want to pull public event information from a FB "page" using their fan page ID number. For example, a venue that has multiple events. What are the minimal classes I need… >>> More