Dears,
I'm starting OpenSocial development and my first project is an orkut-based widget. I'm still in the learning and project phase, and at this moment my question is about sending requests from the widget to my host (for processing with MySQL and other server-side issues). I read about OAuth and signed authentication with samples using PHP, and it sounds good.

My question is: since it is possible to see the request made to my server (with all parameters sent via POST), can a user spoof the request, sending the same data with bogus key-value pairs, and do damage to my application? What is the best way to prevent spoofing, if it can be done? I'm thinking about checking http_referer, but malicious applications in the orkut sandbox could mislead the verification request. How do you make sure that a request actually came from your widget?

Thanks!