Facebook/Myspace apps - Injection?
I'm really hoping someone can clear this up for me. I'm setting up a Facebook app for a Flash-based MMORPG. Now I've seen an abundance of games where you don't even have to create an account or anything for the games. I would prefer to have it set up that way for my game, but...how in the hell is that secure? Could someone not just grab a friend's MySpace/Facebook account id (id - not name) and inject it (think - SQL injection style) to gain access to their account on all those games? For example, mobstersapp.com is the Mobsters game. It is hosted remotely, so could I not inject someone else's MySpace account id into it (maybe a few other attributes) and gain access to someone else's account? If not, how does it work to keep everything secure?

Never mind - apparently 90% of the Facebook app developers (that's including the most popular games on there) aren't the brightest on security, and are more worried about easy distribution. http://www.insidefacebook.com/2008/02/03/many-facebook-apps-lack-simple-security-checks/
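As an added example (not part of the original posts, and not any platform's actual scheme): a remotely hosted app can only trust a user id it receives if the platform signs the request parameters with a secret that only the app's server knows, and the server checks that signature before loading the account. The parameter names `user_id`, `time` and `sig`, the secret, and the HMAC-SHA256 construction below are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Assumption: a secret known only to the platform and the app's server.
APP_SECRET = b"constructed-demo-secret"
MAX_AGE_SECONDS = 300  # older requests are treated as replays


def sign(params, secret=APP_SECRET):
    """Platform side: MAC over a canonical encoding of the parameters."""
    payload = json.dumps(params, sort_keys=True, separators=(",", ":"))
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def verified_user_id(request, now=None):
    """App side: return the user id only if the platform signed this request."""
    params = {k: v for k, v in request.items() if k != "sig"}
    supplied = str(request.get("sig", ""))
    # Constant-time comparison; any edited parameter changes the expected MAC.
    if not hmac.compare_digest(sign(params).encode(), supplied.encode()):
        return None
    now = time.time() if now is None else now
    try:
        age = now - float(params["time"])
    except (KeyError, TypeError, ValueError):
        return None
    if not 0 <= age <= MAX_AGE_SECONDS:
        return None  # stale or future-dated request
    return params.get("user_id")


if __name__ == "__main__":
    # Constructed sample requests.
    now = time.time()
    good = {"user_id": "1001", "time": str(int(now))}
    good["sig"] = sign(good)
    swapped = dict(good, user_id="2002")  # id replaced, signature unchanged
    print("signed request  ->", verified_user_id(good, now))
    print("id swapped      ->", verified_user_id(swapped, now))
    print("no signature    ->", verified_user_id({"user_id": "2002"}, now))
```

An app that skips this check and reads the user id straight from the request accepts whatever id the client sends, which is the situation the linked article describes.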