DISQUS

Hello! AllFacebook is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

www.allfacebook.com Jump to website »

Subscribe
- New Comments
Community
Top Commenters
- theharmonyguy
  23 comments · 1 points
- acafourek
  15 comments · 2 points
- Erik Giberti
  14 comments · 1 points
- Nick O'Neill
  11 comments · 1 points
- adaml
  10 comments · 1 points
Popular Threads
Recent Comments
- PLEASE BRING TIMELINE BACK! It was my absolute favorite feature! I used it all the time, it was so convenient and interesting to know WHEN and HOW you meet people over the years. The only reason I...
  4 months ago by Facebook User
  
  in Facebook Removes Friend Timeline
- so then what DOES cheat engine do for Gangster Battle?
  5 months ago by Stathis Stefanidis
  
  in Facebook-Greasemonkey Hacks
- Hi Nick, I've been a fan of the All Facebook blog for a few months, but I'm sad to say I'll be removing it from my feed reader. I feel that leading this story with poor attempts at...
  8 months ago by mwinters58
  
  in The Facebook Killer Is Jailed
- Social Media is going under!
  8 months ago by Web2.0FDCompany
  
  in Scott Rafer: The Facebook Platform is Dead
- Scott, I've now seen your full presentation on the Lookery blog. I think the crucial thing you're missing is possibly also absent from Nick's original post about the decline of his Bush...
  8 months ago by Dan Lester
  
  in Scott Rafer: The Facebook Platform is Dead

AllFacebook

Jump to original thread »

Facebook Applications Prove Insecure

Started by Nick O'Neill · 10 months ago

Chris Soghoian has an interesting article about how a number of application developers are failing to protect against extremely basic security risks. For instance, a user can monitor all post and get requests (a system for passing data from a form which prompts users for information) coming f ... Continue reading »

2 comments

Tom
1 year ago

All requests from fb pass a signature using a shared secret key. There is no way a hacker could generate this sig without knowing the secret key. The default libraries use this key to validate the user, so anyone simply following the example apps would have a pretty secure app.

reply

Ryan
1 year ago

Ha! I saw this coming five months ago. Scope this post....

http://deftlabs.com/2007/10/facebook-applicatio...

reply

Add New Comment

Returning? Login

DISQUS

Community Page

Subscribe

Community

Top Commenters

Popular Threads

Recent Comments

AllFacebook

Facebook Applications Prove Insecure

2 comments

Add New Comment