The idea is obviously to let your server be the one who asks the Facebook servers for the data, meaning that the only possible attack points are the server itself and the connection. If your server is compromised then you have fail security. If the connection is compromised then SSL failed. SSL is much less likely to fail.
Point is, the client never sees the key. Hans Wichman skriver: > Hi Ben, > > if you put the keys on your server, can't they be sniffed anyway or am i > missing something? > tnx > H > _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders