Login or Signup

Facebook/Myspace apps - Injection?

Miscellaneous Forums/General Help/Facebook/Myspace apps - Injection?

Retimer(Posted 1+ years ago) #1
I'm really hoping someone can clear this up for me..

I'm setting up a facebook app for a flash-based mmorpg. Now i've seen an abundance of games where you don't even have to create an account or anything for the games. I would prefer to have it set up that way for my game, but...how in the hell is that secure?

Could someone not just grab a friends myspace/facebook account id (id - not name) and inject it (think - sql injection style) to gain access to their account on all those games?

for example..mobstersapp.com is the mobsters game. It is hosted remotely, so could I not inject someone elses myspace account id into it (maybe a few other attributes) and gain access to someone elses account?

If not, how does it work to keep everything secure?

Retimer(Posted 1+ years ago) #2
Nevermind - apparently 90% of the facebook app developers (that's including the most popular games on there), aren't the brightest on security, and are more worried about easy distribution.