Hi Henrik,
not to hijack Paul's thread, but do you have some more info on this
subject? E.g. the client would need some way to uniquely id itself to the
server, lest the server give out this data to anyone, which is kind of
the same as making your API key public. The client could be decompiled,
etc., etc.; referrers can be faked. Is there some kind of standard setup
that you know of that prevents this?
My guess is it would benefit Paul as well as the rest of us (me;)).
regards,
Hans
On 31-5-2012 18:00, Henrik Andersson wrote:
The idea is obviously to let your server be the one who asks the
Facebook servers for the data, meaning that the only possible attack
points are the server itself and the connection. If your server is
compromised then you have failed security. If the connection is
compromised then SSL failed. SSL is much less likely to fail.
Point is, the client never sees the key.
Hans Wichman writes:
Hi Ben,
if you put the keys on your server, can't they be sniffed anyway or am I
missing something?
tnx
H
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
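Added example, not part of the original thread: a sketch of the server-side proxy Henrik describes, in which the key is attached on the server, client-supplied parameters are allow-listed, and the key is scrubbed from anything sent back. The endpoint URL, the `api_key` parameter name, the environment variable name and the allow-list are assumptions for illustration.

```python
import os
from urllib.parse import urlencode

# Assumption: the secret lives only in the server's environment (hypothetical name).
API_SECRET = os.environ.get("UPSTREAM_API_SECRET", "constructed-secret-for-demo")
UPSTREAM_URL = "https://upstream.example/api"  # placeholder, not a real endpoint
ALLOWED_PARAMS = {"object_id", "fields"}       # what a client may ask for


def build_upstream_request(client_params):
    """Keep only allow-listed client parameters, then attach the secret server-side."""
    safe = {k: v for k, v in client_params.items() if k in ALLOWED_PARAMS}
    safe["api_key"] = API_SECRET  # added here; never taken from client input
    return UPSTREAM_URL + "?" + urlencode(sorted(safe.items()))


def scrub(value):
    """Recursively remove the secret from anything about to be sent to the client."""
    if isinstance(value, str):
        return value.replace(API_SECRET, "[redacted]")
    if isinstance(value, dict):
        return {k: scrub(v) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    return value


def handle_client_request(client_params, fetch):
    """Proxy one request; `fetch(url) -> dict` performs the HTTPS call upstream."""
    url = build_upstream_request(client_params)
    try:
        upstream = fetch(url)
    except Exception:
        # Upstream errors often echo the request URL, which contains the secret,
        # so the client only ever gets a generic failure.
        return {"status": 502, "body": {"error": "upstream request failed"}}
    return {"status": 200, "body": scrub(upstream)}


def fake_fetch(url):
    """Constructed stand-in for the upstream API so the example runs offline."""
    return {"id": "42", "name": "Example", "debug": "called " + url}


if __name__ == "__main__":
    # A client that supplies its own api_key has that parameter dropped.
    print(handle_client_request({"object_id": "42", "api_key": "x"}, fake_fetch))
```

This covers only the "client never sees the key" half; deciding which clients the proxy will answer at all is the separate question Hans raises.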