How to protect an AJAX call from a Facebook canvas app

Reading this Ajax example,

http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example

I found the following line. I'm not sure what to understand from this: how do you "check sig values for platform specification"?

"Note: for brevity, we trust $_POST['fb_sig_user'] without verifying the full signature. This is insecure as anyone can easily spoof a user action. Always be sure to use the Facebook object that comes with the client libraries or check the sig values for the platform specification"

+2




1 answer


You are under the Facebook app framework. If there is a security leak, it is their platform, API bug. In other words, you are safe there.



0
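The check that the note quoted in the question refers to, as an added example (not code from the Facebook wiki or its client libraries): in the legacy Canvas scheme, `fb_sig` is the MD5 of the sorted `fb_sig_*` pairs, prefix stripped, followed by the application secret. It is written in Python, and the secret, parameter values and function names are constructed for illustration.

```python
import hashlib
import hmac

PREFIX = "fb_sig_"

def compute_sig(post, secret):
    """MD5 over sorted 'name=value' pairs (prefix stripped), then the app secret."""
    signed = {k[len(PREFIX):]: v for k, v in post.items() if k.startswith(PREFIX)}
    payload = "".join(f"{name}={signed[name]}" for name in sorted(signed))
    return hashlib.md5((payload + secret).encode("utf-8")).hexdigest()

def verified_user(post, secret):
    """Return fb_sig_user only when the full fb_sig_* set is correctly signed."""
    sent = post.get("fb_sig")
    if not sent or PREFIX + "user" not in post:
        return None  # unsigned request: never fall back to the raw POST value
    expected = compute_sig(post, secret)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected.encode("ascii"), sent.encode("utf-8")):
        return None
    return post[PREFIX + "user"]

# Constructed sample data: a placeholder secret and a request as the Ajax
# endpoint would receive it from the platform.
SECRET = "constructed-app-secret"
genuine = {
    "fb_sig_user": "1001",
    "fb_sig_time": "1250000000.5",
    "fb_sig_api_key": "constructed-api-key",
    "comment": "hello",  # the app's own field, NOT covered by the signature
}
genuine["fb_sig"] = compute_sig(genuine, SECRET)

# Same request with the user id swapped by the sender: signature no longer matches.
spoofed = dict(genuine, fb_sig_user="2002")

if __name__ == "__main__":
    print("genuine ->", verified_user(genuine, SECRET))
    print("spoofed ->", verified_user(spoofed, SECRET))
```

Only the `fb_sig_*` fields are authenticated by this check; every other POST field, such as `comment` here, still needs ordinary input validation.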

