Facebook/Myspace apps - Injection?Miscellaneous Forums/General Help/Facebook/Myspace apps - Injection?
| I'm really hoping someone can clear this up for me..|
I'm setting up a facebook app for a flash-based mmorpg. Now i've seen an abundance of games where you don't even have to create an account or anything for the games. I would prefer to have it set up that way for my game, but...how in the hell is that secure?
Could someone not just grab a friends myspace/facebook account id (id - not name) and inject it (think - sql injection style) to gain access to their account on all those games?
for example..mobstersapp.com is the mobsters game. It is hosted remotely, so could I not inject someone elses myspace account id into it (maybe a few other attributes) and gain access to someone elses account?
If not, how does it work to keep everything secure?
| Nevermind - apparently 90% of the facebook app developers (that's including the most popular games on there), aren't the brightest on security, and are more worried about easy distribution.|