Facebook/Myspace apps - Injection?


Retimer(Posted 2009) [#1]
I'm really hoping someone can clear this up for me..

I'm setting up a Facebook app for a Flash-based MMORPG. Now I've seen an abundance of games where you don't even have to create an account or anything for the games. I would prefer to have it set up that way for my game, but...how in the hell is that secure?

Could someone not just grab a friend's MySpace/Facebook account ID (ID - not name) and inject it (think - SQL injection style) to gain access to their account on all those games?


For example, mobstersapp.com is the Mobsters game. It is hosted remotely, so could I not inject someone else's MySpace account ID into it (maybe a few other attributes) and gain access to someone else's account?

If not, how does it work to keep everything secure?


Retimer(Posted 2009) [#2]
Never mind - apparently 90% of the Facebook app developers (that's including the most popular games on there) aren't the brightest on security, and are more worried about easy distribution.

http://www.insidefacebook.com/2008/02/03/many-facebook-apps-lack-simple-security-checks/
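
The check the thread is asking about, as an added example that is not part of the original posts or any app's own code: the game server accepts a user ID only when it arrives inside a payload signed with the app secret it shares with the platform. The layout follows Facebook's `signed_request` parameter (HMAC-SHA256 over a base64url payload); the secret, user IDs and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

APP_SECRET = b"constructed-app-secret"  # constructed; the real secret never leaves the server

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    # Restore the padding that the URL-safe form strips.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_request(payload: dict, secret: bytes) -> str:
    """Platform side, included only so the demo has a genuine signed request."""
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return _b64url_encode(sig) + "." + body

def verified_user_id(signed_request: str, secret: bytes):
    """Game-server side: return user_id only if the signature checks out, else None."""
    try:
        sig_b64, body = signed_request.split(".", 1)
        expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison, done before the payload is parsed or trusted.
        if not hmac.compare_digest(_b64url_decode(sig_b64), expected):
            return None
        payload = json.loads(_b64url_decode(body))
    except (ValueError, UnicodeError):
        return None
    if not isinstance(payload, dict) or payload.get("algorithm") != "HMAC-SHA256":
        return None
    return payload.get("user_id")

def demo():
    """Return (result for a genuine request, result for one with a swapped user ID)."""
    genuine = sign_request({"algorithm": "HMAC-SHA256", "user_id": "1001"}, APP_SECRET)
    # Constructed tampering: keep the signature, substitute another account's ID.
    other = _b64url_encode(json.dumps({"algorithm": "HMAC-SHA256", "user_id": "2002"}).encode())
    forged = genuine.split(".", 1)[0] + "." + other
    return verified_user_id(genuine, APP_SECRET), verified_user_id(forged, APP_SECRET)
```

A server that reads the user ID straight from a query parameter or cookie, without a check like this, has no way to tell the two requests in `demo()` apart.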