views: 28

answers: 1

Reading this Ajax example,

http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example

I found the following line. I'm not sure what to understand out of it, how do you "check the sig values per Platform spec"?

"Note: For brevity's sake we are trusting $_POST['fb_sig_user'] without checking the full signature. This is unsafe as anyone could easily forge a user's action. Always be sure to either use the Facebook object which is supplied with the client libraries, or check the sig values per Platform spec"
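For readers who want to see what "check the sig values per Platform spec" amounts to in practice: the legacy Platform signature is built by taking every POST parameter whose name starts with `fb_sig_`, stripping that prefix, sorting the remaining keys, concatenating the `key=value` pairs with no separator, appending the application secret, and MD5-hashing the result; the request is genuine only if that digest equals `fb_sig`. The following is an added Python example of that check (a re-implementation of the logic the PHP client library performs, not code from the linked wiki page or from Facebook's own library); `APP_SECRET` is a constructed placeholder for the application secret from the app settings, and the sample POST body is constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed placeholder: the real value is the application's secret key
# from the Developer app settings. Never commit the real one.
APP_SECRET = "0123456789abcdef0123456789abcdef"


def generate_sig(params, secret):
    """Legacy Platform signature over the prefix-stripped fb_sig_* parameters.

    params: dict of parameter name (without the "fb_sig_" prefix) -> value.
    Sort by key, concatenate "key=value" with no separator, append the
    secret, and return the hex MD5 digest.
    """
    payload = "".join(f"{key}={params[key]}" for key in sorted(params))
    return hashlib.md5((payload + secret).encode("utf-8")).hexdigest()


def get_valid_fb_params(post, secret, prefix="fb_sig"):
    """Return the verified fb_sig_* parameters (prefix stripped), or None.

    post: the request's POST parameters as a dict of str -> str.
    Returns None when the signature is missing, when there are no signed
    parameters, or when the recomputed digest does not match fb_sig.
    Only the returned dict (e.g. result["user"]) should be trusted;
    reading $_POST['fb_sig_user'] directly skips this check entirely.
    """
    sig = post.get(prefix)
    signed_prefix = prefix + "_"
    params = {
        name[len(signed_prefix):]: value
        for name, value in post.items()
        if name.startswith(signed_prefix)
    }
    if not sig or not params:
        return None
    expected = generate_sig(params, secret)
    # Constant-time comparison so the verifier does not leak how many
    # leading characters of the digest a forged value got right.
    if not hmac.compare_digest(expected, sig):
        return None
    return params


def build_signed_post(params, secret, prefix="fb_sig"):
    """Constructed helper for the demo: produce a POST body the way the
    Platform would, i.e. prefixed parameters plus the fb_sig digest."""
    post = {f"{prefix}_{key}": value for key, value in params.items()}
    post[prefix] = generate_sig(params, secret)
    return post


if __name__ == "__main__":
    # Constructed sample request: what a canvas page would receive.
    genuine = build_signed_post(
        {"user": "12345", "time": "1234567890.1234", "added": "1"}, APP_SECRET
    )
    print("genuine request ->", get_valid_fb_params(genuine, APP_SECRET))

    # Same body with fb_sig_user swapped for another id: the digest no
    # longer matches, so the request is rejected.
    forged = dict(genuine)
    forged["fb_sig_user"] = "99999"
    print("forged request  ->", get_valid_fb_params(forged, APP_SECRET))
```

The point of the example is that only `get_valid_fb_params` decides which user the request is for: the application reads `user` from its return value and never from the raw POST body, and a request with no `fb_sig` at all is treated exactly like a forged one.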

A: 

You are under the Facebook application platform; if there is any leak in security, it is the fault of their platform and API. In other words, you are already safe there.

Sarfraz
Hello Sarfraz, thanks for the reply. What I'm concerned about is, on the server side, where MY application resides. Aside from looking at the fb_sig_user values, there isn't much I'm doing to make sure that these requests are Facebook authentic. What should I be doing?