Search Results

Search found 4303 results on 173 pages for 'facebook fql'.

Page 47/173 | < Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >

  • What is the feature that imports URL information into facebook and google+?

    - by Michael
    What I am trying to do. I want to be able to import heading, short description and an image into my website, just using a link. I am using Joomla but can switch to any CMS, or try to build an extension myself. The problem is I dont know where to look for example code, or what to look for. To me it doesnt seem like too difficult a process. Also, the code must be out there, with a little tweaking I can probably use someone elses, but I dont even know what to search for.

    Read the article

  • What server-side language should I learn to be able to start big user-input websites (like twitter, facebook, stackexchange...)?

    - by DarkLightA
    I'm thinking ASP.NET, but I don't really know. Can someone tell me what a good server-side language for the "Zuckerberg-dorm-room-starting-up-a-huge-website" deal? I know the latter used PHP, but as I've understood it that's kind of outdated and C#/ASP.NET is a better way to go about it. Is HTML + CSS + JavaScript + C#/ASP.NET MVC + MySQL a good combination for it? Is MySQL combined in ASP.NET MVC? Also, where's a good tutorial for the server-side language you suggest? As mentioned previously it has to be able to handle massive user-input without much fuss.

    Read the article

  • Webpage shared with like button not showing in users timeline

    - by einar
    I have a single pages and a one page that lists all of the single pages. On the overview page you can like each single page with their url. And of corse you can do the same when you are viewing a single page. My issue is very strange. Most of the pages that I would like show up on my timeline. But then there are some that don't show after I click like, not even if I click on "Post to Facebook". This page will not show in a users timeline if liked ore "Post'ed to Facebook". http://www.inspiredbyiceland.com/inspiration/iceland-airwaves/valdimar/ But this one will http://www.inspiredbyiceland.com/inspiration/iceland-airwaves/snorri-helgason/ But these pages are excls the same, they use the same template so the code should not be any different, and in fact I cant see any differents between these pages that could be causing this kind of problem. You can view the overview page here http://www.inspiredbyiceland.com/inspiration/iceland-airwaves/ . Most of the single pages work fine and show up on users timeline. Most of the content on the site works fine so far as I know. There is an Facebook application defined on the page. I'm not sure if that is related to this problem.

    Read the article

  • 'send' button error 401

    - by jjd
    I'm having a strange error with 'Send' button I have the following code on my page <div id="fb-root"></div> <script type="text/javascript"> (function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&amp;appId=<myAppId>"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk')); </script> <br/> <fb:like send="true" width="450" show_faces="true"></fb:like> The 'send' button works fine if I access the application via IP address, but if I use a domain name, Facebook returns The page at http://<...>.com:8080/pages/question.jsf could not be reached because the server returned status code 401. Meantime 'like' button works fine. The application front-end is built with JSF2+Primefaces. Any ideas would be appreciated Thanks

    Read the article

  • Some questions about dotnetopenauth

    - by chobo2
    Hi I have a couple outstanding questions mainly reguarding twitter and facebook In the FacebookGraph class there are properties such as Id,name,etc. I am wondering how do I add to this list? Like what happens if I want a users hometown? I tried to add a property called hometown but it always is null. What should I store their id(1418) or the whole url(http://www.facebook.com/profile.php?id=1418) for lookup later in my db to grab their data and to see if they have an account with my site? Is it actually good to use this id as it seems like it is common knowledge. Can't someone just find the profile id or whatever and do a fake request on my site? how do you setup dotnetopenauth to deal with the case when a user goes to facebook and deletes access to my website. I know you can send a deauthorization code to your site and then delete their account but I don't know how to do that through dotnetopenauth Twitter Is it possible to do number 4 with twitter? Ajax Is it possible to make the openid stuff ajax? I don't see a sample anywhere in the dotnetopenauth samples.

    Read the article

  • call FB.login() after FB.init() automatically

    - by Tobi Projectx
    i`m developing an app for Facebook. My Code: function init() { window.fbAsyncInit = function() { var appID = 'xxxxxxxxxxxxxxxxxxxxxxxxxx'; FB.init({ appId: appID, status: true, cookie: true, xfbml: true}); login(); }; (function() { var e = document.createElement("script"); e.async = true; e.src = "https://connect.facebook.net/en_US/all.js?xfbml=1"; document.getElementById("fb-root").appendChild(e); }()); }; function login() { FB.login(function(response) { if (response.session) { if (response.perms) { // user is logged in and granted some permissions. // perms is a comma separated list of granted permissions } else { // user is logged in, but did not grant any permissions } } else { // user is not logged in } }, {perms:'read_stream,publish_stream,offline_access'}); }; I want to call the "init" function and after "init" should call the "login" function (open up the Facebook Login Window) automatically. But i always get "b is null" FB.provide('',{ui:function(f,b){if(!f....onent(FB.UIServer._resultToken));}}); Error in Firebug. Can anybody help me? Does anybody have the same problem? Thanks

    Read the article

  • facebook app using fbml displays nothing

    - by fusion
    i've made an app in php and html and trying to integrate it with fb. the app on my website is using jquery, but knowing that fbml doesn't support jquery, i've tried to instead use fbjqry. this doesn't work either. i'm not sure where i'm going wrong. /////////////// index.php: <?php // Copyright 2007 Facebook Corp. All Rights Reserved. require_once 'config_fb.php'; //***** Greet the currently logged-in user! echo "<p>Hello, <fb:name uid=\"$user_id\" useyou=\"false\" />!</p>"; include 'quote.html'; ?> ///////////////// quote.html: <!DOCTYPE html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <link rel="stylesheet" type="text/css" href="css/jquote.css" /> <!--<script type="text/javascript" src="scripts/jquery-1.4.2.js"></script>--> <script type="text/javascript" src="fbjqry/utility.js"></script> <script type="text/javascript" src="fbjqry/fjqry.js"></script> <script type="text/javascript"> // On page load, fill the box with content. $(document).ready(function() { $("#quoteContainer").load("quote.php"); }); var auto_refresh = setInterval( function () { $('#quoteContainer').load('quote.php'); }, 5000); // refresh every 10000 milliseconds </script> </head> <div id="wrapper"> <div class="header">&nbsp;Quote of the Day</div> <div id="quoteContainer"> </div> </div> </html> //// from the above file it should take quotes from quote.php and display it, but it doesn't display anything. it seems as though it isn't reading from the quote.php file. is the command of fbjqry different from jquery? if i use iframes instead of fbml, everything loads correctly except that i'd like tab/profile box for this app, which iframes doesn't have.

    Read the article

  • URL routing similar to Facebook (related to AJAX and the URL)

    - by Guilherme Cardoso
    In this article i'm gonna show you how i do when i have to update some content with AJAX and i have to change the URL. First, let's see an example to understand it better. If the user is reading a News with Id 1 and he clicked on another News with Id 2, if we update the content with AJAX the user is now reading the News Id 2 but the URL remains the same, for example: http://localhost/News/Read/1 Now let's see another example from Facebook. If i'm reading my profile and i click on Photos, Facebook updates it with AJAX and the URL switch to: http://www.facebook.com/guilhermegeek#!/guilhermegeek?sk=photos If we enter on that URL, it's mapped to: http://www.facebook.com/guilhermegeek?sk=photos The trick here is the parameters that we use after the #!. Those parameters are never sent to the server side, so we handle them on the client side (javascript).In the example of Facebook, he receives my profile name (guilhermegeek) and the action is to read photos. A few time ago i've written an article in my Portuguese blog explaining how to use an alternative to clients with javascript disabled. Like this: <a onclick="javascript:ReadNews(id);" href="#!News/Read/@id/">Title</a> When the user enter the link of that news, my function Read(); fills the News in the page. Then, i add the #!News/Read/@id/ to my URL. It's gonna stay something like this: http://localhost/News/Read/1#!News/Read/2 As i explained before, the News that the user is reading has the Id 2.The next step is to use javascript to check if the URL that the user typed has other News Id, because if we enter on the above URL our controller will get the Id 1 (everything after to the # isn't sent to the server side). $(document).ready(function () {             var h = window.location.hash;             if (h != null) {                 var parts = window.location.href.split('#!');                 if (parts.length > 1) {                     window.location.replace("http://localhost/" + parts[1]);                 }             }    }); It's pretty simple. I'm cutting everything after the #!, then i redirect the user to a new page. So, it's gonna stay:http://localhost/News/Read/2

    Read the article

  • Watch 53rd Grammy Awards 2011 Live Stream & Follow The Event On Facebook & Twitter

    - by Gopinath
    Grammy Awards is the biggest music awards ceremony that honours music genres. The 53rd Grammy Awards function will be held on February 13, 2011 at Staples Center in Los Angeles. The star studded musical event will be telecasted live on CBS TV between 8pm ET until 11:30pm ET. Behind The Scenes Live Stream On YouTube and Grammy.com Grammy, YouTube and TurboTax has teamed up to provide live stream of behind the scene coverage of key events starting at 5pm Feb 11th and runs through February 13th. Note that this stream will not broadcast the 3 hour long award presentation. Kind of bad, except the award presentation rest of the ceremony is streamed here.  The video stream is embedded below Catch live behind-the-scenes coverage of key events during GRAMMY week. Before the show, you can watch the Nominees Reception, Clive Davis Pre-GRAMMY Gala, the red carpet and the pre-telecast ceremony. During the show, go backstage to see the winners after they accept their award! You can catch the same stream on Grammys’s YouTube channel as well as on Grammy.com website Follow Grammy Awards On Facebook & Twitter The Grammy Awards has an official Facebook and Twitter account and you can follow them for all the latest information The Grammy’s Facebook Page The Grammy’s Twitter Page Grammy Live Streaming on UStream & Justin.tv Even though there is no official source that stream live of The Grammy Awards presentation ceremony, there will be plenty of unofficial sources on UStream and Justin.tv. So search UStream and Justin.tv for live streaming of The Grammy’s. TV Channels Telecasting The Grammy Awards 2011 Here is the list of TV channels in various countries offering live telecast of The Grammy Awards 2011. We keep updating this section as and when we get more information USA – CBS Television Network  – February 13, 2011 India – VH1 TV – February 14  2011 , 6:30 AM United Kingdom – ITV2  – 16 February 2011, 10:00PM – 12:00AM This article titled,Watch 53rd Grammy Awards 2011 Live Stream & Follow The Event On Facebook & Twitter, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • How to set up RPX widget and facebook app to be able to authenticate with rpx_now?

    - by Andrei
    Using the sample app for rpx_now gem ( http://github.com/grosser/rpx_now_example) on localhost:3000, I have successfully logged in via Google Accounts, myOpenID, Yahoo, but cannot make it via Facebook. In the RPX app/widget settings I have set my facebook-app key and secret. In my facebook app settings, the Connect URL is myappname.rpxnow.com. But when I try to connect, then I don't even see a facebook login page, just a number of redirects and I am back to my localhost with the following exception http://gist.github.com/386520 . Before I was successfully connecting with oauth2 gem, however, without fetching user data - only authentication. That time I set only key/secret and localhost as my Connect URL. Currently, I don't even ask for email etc., but still the same problem. Can it happen because rpx_now cannot get requested user data from facebook? Or it is a problem of facebook key/secret? May be I need to provide more settings of my facebook app? RPXNow::ApiError in UsersController#create Got error: Invalid parameter: token (code: 1), HTTP status: 200 RAILS_ROOT: /home/Andrei/rpx_now_example Application Trace | Framework Trace | Full Trace /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now/api.rb:71:in `parse_response' /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now/api.rb:21:in `call' /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now.rb:23:in `user_data' /home/Andrei/rpx_now_example/app/controllers/users_controller.rb:16:in `create' Request Parameters: None Show session dump Response Headers: {"Content-Type"="", "Cache-Control"="no-cache"}

    Read the article

  • How to implement Facebook leaderboard game for mobile?

    - by TrueGrime
    I am in the final stages of developing an indie C# mobile game that I will deploy to iPhones and Androids using Mono. I wish to add push notifications and a Facebook leader board feature into the game, such that the user will be presented with a list of all his/her friends that are playing the game and their weekly scores in the main screen. I have ZERO experience with web development/networking/databases. I recently started researching the field and formed a basic understanding. Facebook has SDKs in PHP, JavaScript, obj-c and java, tho reading the documentation examples still feels cryptic to me since it involves web/server tech. After researching some more, I understood that my options for server side are basically PHP or ASP.Net. It seems that ASP.Net is more favorable in my case since I am already proficient with C# (but there is no ASP.net SDK from Facebook... I am not sure if this implies that I cant interact with Facebook using ASP.Net). On the down side some have mentioned higher costs for ASP.Net, tho I havent looked further into that aspect yet. I also understood that JavaScript is client side technology. I started going through tutorials of ASP.Net, I was thinking that ASP.Net is a purely server side management language, but it started feeling more like WPF as those tutorials started getting into very lengthy discussions about creating website interfaces and styles. I am not interested in that, I just want to have a web server which my app can somehow communicate with and get friends/scores. Am I learning the right technologies for my goal? should I be learning something else? I am posting this in hopes that someone who knows this field well can see through my problem and help guide me, otherwise I could spend months studying something that might not be the right solution to my goal. Thanks.

    Read the article

  • Having trouble with event creation using the events.create API with the iPhone SDK

    - by MahatmaManic
    I'm using the FBConnect library in my iPhone app, and I'm trying to create Facebook events. After getting a valid session and verifying permissions, I'm using events.create and getting what looks like a valid event ID back from FB in a success response. Oddly the event isn't showing up on my account's Events page either in current or in past events. I thought the problem might be that the event might not include me as an attendee so I followed the successful events.create call with an events.rsvp call to set my status to "attending". That also gets back success from FB, but I'm still not seeing anything show up. Am I missing a step? Is there something other than Create and then RSVP that I need to do, or is there an error with the api/Facebook? I don't think I'm missing any of the required fields for event creation (name and start_time) and I am populating a lot of the other fields in event_info...

    Read the article

  • Embedding Youtube Videos on user's wall with the Javascript API

    - by dragonmantank
    I'm attempting to embed a Youtube video on a user's wall using the Javascript API. I've poured over a bunch of different tutorials and came up with this: var data = { method: 'feed', link: current_video_url, // Link to the vide on our site source: current_video_src, // Link to the Youtube video, http://youtube.com/v/[hash] picture: current_picture_url, // Thumbnail from youtube title: current_video_title, // Title from our page caption: current_video_description // Text from our page } FB.ui(data); Running the Facebook Debugger shows that the current_video_url link is being properly parsed for OG tags and is available as an embedded video. I ran a debugger and all the variables are being properly set in the data variable. This worked fine for about 2 days, and then we pushed the site live. We set up a new AppID in Facebook but now all the videos are just thumbnails instead of being embedded in the user's wall. I thought maybe this is a problem with the live site but now the dev site is broken too. What's the best way to get this to work consistently?

    Read the article

  • Webview can't type in, is that because of missing setting?

    - by Pentium10
    I have an Android application that connects to Facebook to request authorization of an Application. I use the following setting in the WebView, but once the view is loaded, I can't type in login details. What I am missing? WebView webview; webview = (WebView) findViewById(R.id.facebookview); webview.getSettings().setJavaScriptEnabled(true); webview.setWebViewClient(new FacebookWebViewClient()); webview .loadUrl("http://www.connect.facebook.com/login.php?return_session=1&nochrome=1&fbconnect=1&extern=2&connect_display=popup&api_key=" + FConnect.API_KEY + "&v=1.0&next=" + FConnect.SUCCESS_URL + "%3Ffb_login%26fname%3D_opener&cancel_url=" + FConnect.CANCEL_URL + "%23fname%3D_opener%26%257B%2522t%2522%253A3%252C%2522h%2522%253A%2522fbCancelLogin%2522%252C%2522sid%2522%253A%25220.741%2522%257D&channel_url=" + FConnect.XD_RECEIVER);

    Read the article

  • Uploading a picture to a album using the graph api

    - by kielie
    Hi guys, I am trying to upload an image to a album, but it's not working, here is the code I am using, $uid = $facebook->getUser(); $args = array('message' => $uid); $file_path = "http://www.site.com/path/to/file.jpg"; $album_id = '1234'; $args['name'] = '@' . realpath($file_path); $data = $facebook->api('/'. $album_id . '/photos', 'post', $args); print_r($data); This code is in a function.php file that gets called when a user clicks on a button inside of a flash file that is embedded on my canvas, so basically what I want it to do is, when the flash takes a screen shot and passes the variable "image" to the function, it should upload $_GET['image'] to the album. How could I go about doing this? Thanx in advance!

    Read the article

  • css file not getting updated

    - by fusion
    the font of the content of my facebook app keeps getting italicized even when i've removed the italics from the css file. if i make minor changes in the css file and upload it to the server, the firebug shows the unedited previous css file and hence, the app keeps showing unformatted content. what exactly is going wrong here? i made a new css file and copied the contents of the previous css exactly as it was, and i linked it in all the files which require css. but when i upload these files to the server, facebook canvas doesn't show any css at all. i replaced the css filename with the previous one, and it works. why is this?

    Read the article

  • Can you call FB.login inside a callback from other FB methods (like FB.getLoginStatus) without triggering popup blockers?

    - by Erik Kallevig
    I'm trying to set up a pretty basic authentication logic flow with the FB JavaScript SDK to check a user's logged-in status and permissions before performing an action (and prompting the user to login with permissions if they are not)... User types a message into a textarea on my site to post to their Facebook feed and click's a 'post to facebook' button on my site. In response to the click, I check user's logged in status with FB.getLoginStatus In the callback to FB.getLoginStatus, if user is not logged in, prompt them to login (FB.login). In the callback to FB.login I then need to make sure they have the right permissions so I make a call to FB.api('/me/permissions') -- if they don't , I again prompt them to login (FB.login) The problem I'm running into is that anytime I try to call FB.login inside a callback to other FB methods, the browser seems to lose track of the origin of execution (the click) and thus will block the popup. I'm wondering if I'm missing some way to prompt the user to login after checking their status without the browser mistakenly thinking that it's not a user-initiated popup? I've currently fallen back to just calling FB.login() first regardless. The undesired side effect of this approach, however, is that if the user is already logged-in with permissions and I'm still calling FB.login, the auth popup will open and close immediately before continuing, which looks rather buggy despite being functional. It seems like checking a user's login status and permissions before doing something would be a common flow so I feel like I'm missing something. Here's some example code. <div onclick="onClickPostBtn()">Post to Facebook</div> <script> // Callback to click on Post button. function onClickPostBtn() { // Check if logged in, prompt to do so if not. FB.getLoginStatus(function(response) { if (response.status === 'connected') { checkPermissions(response.authResponse.accessToken); } else { FB.login(function(){}, {scope: 'publish_stream'}) } }); } // Logged in, check permissions. function checkPermissions(accessToken) { FB.api('/me/permissions', {'access_token': accessToken}, function(response){ // Logged in and authorized for this site. if (response.data && response.data.length) { // Parse response object to check for permission here... if (hasPermission) { // Logged in with permission, perform some action. } else { // Logged in without proper permission, request login with permissions. FB.login(function(){}, {scope: 'publish_stream'}) } // Logged in to FB but not authorized for this site. } else { FB.login(function(){}, {scope: 'publish_stream'}) } } ); } </script>

    Read the article

  • How do I change the name of an application tab?

    - by Tom Rom
    I'm working on a facebook page for a client and with the new profiles pages starting to roll out I've come across an issue with the name of the app I created. The original profiles which most of you will see here - http://www.facebook.com/DrMartyBecker says "Welcome" as the tab name. On the new profile pages the tab says 'drMARTY', I can't find the place where I can modify the name. So i was wondering if there was a way to change this and where. Thanks for the help!

    Read the article

  • echoing our parts of an Array?

    - by Wes
    I have the following array that I get as an output from facebook: http://www.paste.to/v/1jntlnml With the following code: $stream = $facebook->api_client->stream_get('',128342905144,'0','0',30,'','','',''); foreach($stream as $wallpost) { echo '<pre>'; print_r($wallpost); echo '</pre>'; } So I get the data that I need, but I want to call the individual variables within this array. For example, echo out the [message] for each post. Since it only loops once, I cant echo $wallpost['message'] or anything similar. any idea?

    Read the article

  • Why would a FaceBook application "work" on a profile, but not a page?

    - by edt
    I made a FaceBook application that works fine on profiles, but I can't figure out how to get it to show on a FaceBook page. For example, after I visit the application canvas URL, allow the application, then edit application settings and "add" to box and tab view... I cannot click the "plus" symbol to the left of the tabs in order to add a tab for the application. It does not appear in the list of available applications. Meanwhile, the application is working/showing up on profiles with no issues. I DID check the "Installable to Pages" checkbox on the application (authentication tab) settings. What could cause this? Here is the application canvas URL: http://apps.facebook.com/russian_girls/

    Read the article

  • vs2010 wpf c#: how to get friends list from facebook? (Desktop application)

    - by Ash
    As per this link code from stack overflow i have try this code for getting friendslist but after login i got this error "requires valid signature" string APIKey = ConfigurationManager.AppSettings["API_Key"]; string APISecret = ConfigurationManager.AppSettings["API_Secret"]; Facebook.Session.ConnectSession connectsession = new Facebook.Session.ConnectSession(APIKey, APISecret); Facebook.Rest.Api api = new Facebook.Rest.Api(connectsession); var friends = api.Friends.GetLists(); foreach (var friend in friends) { System.Console.WriteLine(friend.name); } guide me to find out the solution Thanks ash

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Facebook totalement hors-service cette nuit, un employé aurait dévoilé des prototypes par erreur

    Facebook totalement hors-service cette nuit, un employé aurait dévoilé des prototypes par erreur Hier soir (à partir de 22h15 heure française), Facebook a été hors service pendant près de 30 minutes. Le site n'a pourtant subi aucune attaque extérieure. En fait, il a été mis hors ligne par la firme elle-même. En cause ? Lors du passage au nouveau design des pages de marques (avec une galerie photo repensée et de nouvelles fonctionnalités de management des pages), un ingénieur de l'équipe de développement a également déployé certains prototypes internes. Ces brouillons de futurs produits de Facebook auraient dû rester secrets, et c'est pourquoi le site a été désactivé : le temps pour son staff de nettoyer...

    Read the article

< Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >