Hi,

As far as I see, because any OpenSocial widget code can be manipulated within the browser using tools such as GreaseMonkey, you cannot take it for granted that the viewer or the owner is who it looks like.

Actually, you can take any widget, modify its code in your browser and, as a viewer, you can fetch anybody's OpenSocial ID. From then on, you can pass it within any other modified widget as the owner and you can manipulate their widgets' preferences, for example. This means that, let's say, if we implement an internal messaging system within our widget where each person can see only their own messages, this is totally unreliable. So we shouldn't create any app which requires too much security regarding personal information.

Is this the case or am I missing the point here?

Thanks,
Norbert
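An added sketch (not part of the original post, and not OpenSocial API code) of the messaging concern raised above: a backend that trusts a widget-supplied viewer ID, next to one that only accepts an ID covered by a signature made outside the browser. The signing scheme, `CONTAINER_SECRET`, the sample inbox and all function names are assumptions for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed sample data: per-user inboxes held on the app's backend.
INBOX = {"1001": ["hi norbert"], "2002": ["private note for user 2002"]}

# Assumption: a secret known only to the container and this backend,
# never delivered to the browser where widget code can be modified.
CONTAINER_SECRET = b"constructed-demo-secret"


def sign_params(params: dict, secret: bytes = CONTAINER_SECRET) -> str:
    """Hypothetical container-side step: HMAC over the sorted, URL-encoded parameters."""
    canonical = urlencode(sorted(params.items()))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def inbox_trusting_client(params: dict) -> list:
    """Unreliable: the viewer ID is whatever the (modifiable) widget sent."""
    return INBOX.get(params.get("viewer_id"), [])


def inbox_verified(params: dict, signature: str) -> list:
    """Serve messages only if the signature covers the claimed viewer ID."""
    expected = sign_params(params)
    # Compare as bytes in constant time; a non-ASCII signature simply fails.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise PermissionError("viewer_id is not vouched for by the container")
    return INBOX.get(params.get("viewer_id"), [])


if __name__ == "__main__":
    honest = {"viewer_id": "1001"}
    sig = sign_params(honest)          # issued for user 1001 only
    print(inbox_verified(honest, sig))

    # The same user edits the widget and claims another ID.
    edited = {"viewer_id": "2002"}
    print(inbox_trusting_client(edited))   # other user's messages leak
    try:
        inbox_verified(edited, sig)
    except PermissionError as err:
        print("rejected:", err)
```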
