Search Results

Search found 5426 results on 218 pages for 'facebook iframe'.

Page 62/218 | < Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >

  • vs2010 wpf c#: how to get friends list from facebook? (Desktop application)

    - by Ash
    As per this link code from stack overflow i have try this code for getting friendslist but after login i got this error "requires valid signature" string APIKey = ConfigurationManager.AppSettings["API_Key"]; string APISecret = ConfigurationManager.AppSettings["API_Secret"]; Facebook.Session.ConnectSession connectsession = new Facebook.Session.ConnectSession(APIKey, APISecret); Facebook.Rest.Api api = new Facebook.Rest.Api(connectsession); var friends = api.Friends.GetLists(); foreach (var friend in friends) { System.Console.WriteLine(friend.name); } guide me to find out the solution Thanks ash

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Can I set a style for the content of an iframe from the main page?

    - by Joel Coehoorn
    We have a page the embeds a Google Calendar in an iframe. Recently, a warning box div began appearing on the calendar that looks like this: <div id="warningBox" style="color:#aa0000;">Events from one or more calendars could not be shown here because you do not have the permission to view them.</div> Obviously the best solution here is to find the private events and remove them, but so far the search for those events has proved fruitless. This calendar is an aggregate of several calendars, including a few we don't control (ie weather). We're still looking, but in the meantime, I would like to try to hide that div. I know that iframes enforce the separation between the pages, such that the child page is pretty much a law unto itself. But surely there must be some way to set a style on an element inside the frame?

    Read the article

  • Facebook totalement hors-service cette nuit, un employé aurait dévoilé des prototypes par erreur

    Facebook totalement hors-service cette nuit, un employé aurait dévoilé des prototypes par erreur Hier soir (à partir de 22h15 heure française), Facebook a été hors service pendant près de 30 minutes. Le site n'a pourtant subi aucune attaque extérieure. En fait, il a été mis hors ligne par la firme elle-même. En cause ? Lors du passage au nouveau design des pages de marques (avec une galerie photo repensée et de nouvelles fonctionnalités de management des pages), un ingénieur de l'équipe de développement a également déployé certains prototypes internes. Ces brouillons de futurs produits de Facebook auraient dû rester secrets, et c'est pourquoi le site a été désactivé : le temps pour son staff de nettoyer...

    Read the article

  • Microsoft intègre Office à Facebook : une des nouveautés de ses Futur Social Experience Labs pour mi

    Microsoft intègre Office à Facebook Une des nouveautés de son Futur Social Experience Labs En ce moment se tient à San Francisco le salon du Web 2.0. A cette occasion, une représentante de Microsoft en a profité pour présenter deux nouveaux produits issus du Futur Social Experience Labs (alias le FUSE) de la société. La première réalisation du FUSE avait été l'intégration des Tweets dans les résultats de Bing. Cette foic-ci, le laboratoire de R&D propose un site (Docs.com) qui permet d'intégrer des documents de Microsoft Office dans Facebook. Plus précisément de permettre aux contacts Facebook d'accéder aux documents sur le modèle de la pièce joint...

    Read the article

  • Silverlight Client for Facebook updated for Silverlight 4 RC

    If you installed the Silverlight Client for Facebook, and also upgraded to the release candidate for Silverlight 4, you may have noticed it stopped working :-). NOTE: Applications compiled on Silverlight 4 beta will not work on machines with Silverlight RC runtime. This is known/expected. As with all pre-release software, this type of breaking can be expected. Weve recently updated the Facebook application, and you will have to re-install. Follow these steps: Uninstall the Silverlight Facebook...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Serve most of a domain with Apache, but use mod_proxy to serve some URLs from Lighttpd

    - by Alex Pineda
    So we wish to host some pages on a new server with apache2, and embed some of our old content & functionality from another server with lighttpd in an iframe. I'm looking at this configuration from the apache docs (http://httpd.apache.org/docs/2.2/vhosts/examples.html#page-header) under "Using Virtual_host and mod_proxy" together. <VirtualHost *:*> ProxyPreserveHost On ProxyPass / http://192.168.111.2/ ProxyPassReverse / http://192.168.111.2/ ServerName hostname.example.com </VirtualHost> The only issue is that I want to proxy only on a subdomain, or even better, if I can keep the top domain and proxy only if the url contains a particular path ie. "/myprocess.php". So in essence the DNS will point to the apache2 as the "master router".

    Read the article

  • Apache + Lighttpd serving from same Domain name

    - by Alex Pineda
    So we wish to host some pages on a new server w/ apache2, and embed some of our old content & functionality from another server w/ lighttpd in an iframe. I'm looking at this configuration from the apache docs (http://httpd.apache.org/docs/2.2/vhosts/examples.html#page-header) under "Using Virtual_host and mod_proxy" together. <VirtualHost *:*> ProxyPreserveHost On ProxyPass / http://192.168.111.2/ ProxyPassReverse / http://192.168.111.2/ ServerName hostname.example.com </VirtualHost> The only issue is that I want to proxy only on a subdomain, or even better, if I can keep the top domain and proxy only if the url contains a particular path ie. "/myprocess.php". So in essence the DNS will point to the apache2 as the "master router".

    Read the article

  • Facebook est désormais valorisé à 50 milliards de dollars, et dépasse Yahoo, eBay et Time Warner

    Facebook est désormais valorisé à 50 milliards de dollars, et dépasse Yahoo, eBay et Time Warner La valeur de Facebook vient de faire un grand bond en avant, malgré que la firme ne soit toujours pas présente en bourse du fait des réticences de son fondateur. En effet, la banque d'affaires Goldman Sachs vient d'investir 450 millions de dollars dans le site communautaire de Mark Zuckerberg. Mais ce n'est pas tout, le conglomérat russe Digital Sky Technologies a aussi apporté sa pierre à l'édifice en y injectant 50 millions de dollars. Deux opérations financières qui permettent à Facebook d'être désormais valorisé à hauteur de... 50 milliards de dollars ! L'entreprise ne cesse de croître, tout en s'appr...

    Read the article

  • Des applications fleurissent sur la toile pour gérer la confidentialité sur Facebook, afin de protég

    Mise à jour du 18.05.2010 par Katleen Des applications fleurissent sur la toile pour gérer la confidentialité sur Facebook, afin de protéger facilement ses données personnelles Avec de plus en plus de changements dans ses paramètres de confidentialité, Facebook devient un site Internet compliqué à paramétrer pour certains. En effet, le réseau social offre pas moins de 50 paramètres assortis à plus de 70 options, pour contrôler ce que le Net peut voir de vous... Pour preuve, ce graphique publié la semaine dernière par le New York Times illustrant toutes les configurations disponibles : [IMG]http://graphics8.nytimes.com/packages/images/newsgraphics/2010/0512-facebook/gif1.jpg[/IMG]...

    Read the article

  • SEO: disallowing Google from indexing forms in iframes or not?

    - by Marco Demaio
    I usually place forms in iframes (i.e. order form, request assistance form, contact forms, ect.). Just the forms, I never place other contents or pages in iframes. From a SEO point of view, would you exclude forms from being indexed/crawled by Google or not? I mean my forms hardly ever contains keyword/keyphrases, moreover I obviously place empty title/meta description tags in pages shown in iframe to display forms, cause those titles are never displaied in browser title bar. So I'm wondering what's the point of letting Google index them? Moreover I think these form pages might suck out PR from all other pages that are more valuable for SEO. If your answer is "yes I would exclude them form indexing" would you simply use robots.txt to exclude them? Thanks!

    Read the article

  • Is there any good reason I would want my website to be framed?

    - by minitech
    I'm building a website that's not security-critical in any way at all, so having somebody put a page in an <iframe> is not particularly dangerous to its users. However, as my website doesn't have script plugins that will be used anywhere else, is there any reason why I shouldn't just apply: X-Frame-Options: Deny to every page on my website? Is there any valid reason for any other website to embed mine? I've seen plenty of content-stealing ones and attempts to hijack user accounts, but never an actual good usage of frames that's not an explicit feature of the website.

    Read the article

  • ExcelBook Conceals Facebook Browsing in a Spreadsheet

    - by Jason Fitzpatrick
    If you can’t get enough of social media while you’re at work, ExcelBook hides your Facebook browsing inside a spreadsheet. It’s certainly not the way to win the employee of the month award, but if you’re looking for a subtle way to browse and update Facebook from your cube ExcelBook offers and Adobe Air-based Facebook interface that looks like a spreadsheet application. Hit up the link below to grab a copy. ExcelBook [BeStupidAtWork via Yahoo! News] HTG Explains: Photography with Film-Based CamerasHow to Clean Your Dirty Smartphone (Without Breaking Something)What is a Histogram, and How Can I Use it to Improve My Photos?

    Read the article

  • Securing Facebook

    - by Promather
    Probably like most of you, I am concerned about the privacy of Facebook. Some people suggested that I use the HTTPS address instead. Unfortunately, many links in the HTTPS page itself link back to HTTP. So I am wondering whether it is possible in Ubuntu to redirect any request to: http://www.facebook.com/ to https://www.facebook.com/ This way I feel safer. If you also know the solution for Windows, it might be great to share (probably as a comment to my question rather than answer, as this forum is supposed to be for Ubuntu) so that I can share it with friends.

    Read the article

  • Facebook corrige un bogue susceptible d'avoir provoqué une fuite de données de six millions d'utilisateurs

    Facebook corrige un bogue susceptible d'avoir provoqué une fuite de données de six millions d'utilisateursSi vous avez reçu ce weekend un courriel de la part de Facebook vous expliquant que votre compte a été compromis suite à un bogue, sachez que ce n'est pas un SPAM.En effet, vendredi dernier, Facebook a voulu jouer la carte de la transparence en annonçant dans un billet blog avoir été victime d'une panne logicielle qui a été à l'origine de la fuite de données de près de six millions d'utilisateurs. Download Your Information (DYI) est l'outil qui a provoqué le dysfonctionnement. Il est chargé de récupérer les adresses de courriel et numéros de téléphone des utilisateurs dans le cadre de la sécu...

    Read the article

  • Facebook abandonne HTML5 pour son application iOS, qualifiée de trop lente

    Facebook abandonne HTML5 pour son application iOS qualifiée de trop lente L'application Facebook pour iOS bien que pratique est lente, et souvent très lente même. D'après le New York Times, sur 38 000 personnes l'ayant noté, plus de 21 000 personnes n'ont accordé qu'une seule étoile à l'application, la qualifiant de lente, toujours en chargement, sujette à des crashs répétitifs, etc. Insensible à toutes ces remarques, Facebook a décidé de rendre son application plus rapide en réécrivant complètement celle-ci. Conséquence, le HTML5 qui avait été utilisé précédemment pour développer l'application autour d'une coque objective-c, afin d'utiliser la même base ...

    Read the article

  • Website attacked with a hidden iframe (q5x.ru)

    - by Dreas Grech
    A website of mine has recently been infected with some sort of attack that involved injecting a hidden iframe, and it's source was from a site q5x.ru (do not link). A Google search didn't help me in figuring out how this attack my have took place, so I was wondering if anyone of you may have encountered this same problem? The iframe code was something of the sort: <iframe src="http://q5x.ru:8080/index.php" width=109 height=175 style="visibility: hidden"></iframe> As per request, I am running an ASP.Net website with a database, and as regards forms, it's obviously the ASP.Net form that's used for postbacks.

    Read the article

  • DB structure for Twitter home/Facebook wall?

    - by mathon12
    Basically a live feed of all your friends' recent posts. In a stupid sort of approach I think I'd start by building a query like: SELECT * FROM tblposts WHERE userid=friend_id_1OR userid=friend_id_2...... and so on Where friend_id_% is the userid of a friend from your friends list. But this must be a very inefficient way of doing it, right? Is there any faster way of doing this in MySQL? Maybe some clever DB schema? (I know FB uses Hadoob but I'm not experienced enough to go that far :( )

    Read the article

  • facebook FBML,FBJS

    - by Rohit
    I want to use FBML as a canvas and would like to display a rich text editor like fckeditor or other. Can anybody out there help me out on this? e.g. to format text mainly bold,italics. Is it possible? how? I'm eager to learn more from the responder.

    Read the article

  • Facebook/FBML: How to tell if a user is a fan of the fan page

    - by Dominic Godin
    Hi, I'm working on a FBML fan page for a client. I need to perform a check to see if the current user is a fan of the page. I tried using the JavaScript API but I've found this is not compatible with FBML. I have looked through the FBML page on the developer wiki and found checks for practically everything else but no is user fan check. Any pointers in the right direction would be most appreciated. Thanks in advance.

    Read the article

  • what is the procedure followed to divide the background into squares like facebook supercity, farmvi

    - by Jeeva
    I have planned to develop a game in flex in which the users will build buildings on a plain surface. I want to divide those lands into pieces and allow the user to build the buildings on the pieces of the surface. How do i divide the land into pieces. I have seen face book application supercity, farm vilie etc. I want to develop same as that. What is the method followed to develop the squares in the background.

    Read the article

< Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >