[Khuyên] Bạn nên đổi mật khẩu của facebook - 11/5/2011
Facebook confirmed a security problem with their old, proprietary authentication system: When using Facebook Apps like games or similar, the access token – something like a key to your Facebook account – could leak to some advertisers which were showing ads then. With this access token, it is possible to impersonate the user: Post in the users name, getting access to all information and so on. Facebook say that they now have taken counter measures so these leaks can’t occur anymore – but in the old logfiles of the advertisers, those access tokens can still be found. As Facebook now support OAuth 2.0, the company advises App providers to switch to this open and mature authentication system – which Google, Yahoo, Twitter and so on support as well. Users should change their Facebook password, which invalidates the old access token and generates a new one. This way, advertisers can’t abuse the token anymore even if they start data mining their logfiles for access tokens now
Old Facebook Authentication Flow:
....
Source:
Old Facebook Authentication Flow:
<?php
$url='http://www.facebook.com/login.php?api_key=[YOUR_API_KEY]
&connect_display=popup&v=1.0&next=[YOUR_URI]
&cancel_url=http://www.facebook.com/connect/login_failure.html
&fbconnect=true&session_key_only=true';
header('location:' . $url);
?>
.........
Source:
https://developers.facebook.com/blog/post/497
http://techblog.avira.com/2011/05/11/change-your-facebook-password/en/
http://hueniverse.com/2010/05/introducing-oauth-2-0/
Comments
Post a Comment
Để lại góp ý của bạn để blog của mình hoàn thiện hơn :))