javascript - Facebook Connect help -

-

According to the Facebook API documentation, most of the work is done via Javascript

This means that All processing is done, and then front end checks that the user is connected to facebook / authorized. right?

My question is:

Suppose a user first visits my site. He clicks on "Facebook Connect" Javascript verifies it as authentic, and it "redirects" to the second page on my server, since then, how will I know that the user is actually authenticated on my website because Everything is done on the forehead?

I think this is correct, but there are not some security problems ..:

- Login after user, a page on Facebook Redirects my site to And they also make a cookie with a specific "Facebook ID" that is only obtained from this user. Please "read" my supported cookies and grab that ID ... and then add it to my user id.

If this is correct ... then it does not understand. What if people steal other people's "Facebook IDs" and then make cookies? And then looks at my backend cookie and thinks this is the real user ...?

Am I confused? If I am confused, then help me rearrange and tell me how it is.

Facebook Connect uses a clever (or crazy, depending on your hypocrisy) Hack into the browser to get cross-site communication between your site and the authentication system of Facebook.

The way this works, it is as follows:

  1. Your site contains a very simple static HTML file, which is a cross-domain communication channel This file is known as the xd_receiver.htm in the FB docs, but it can be given a name for you.
  2. Your site's login page contains a reference to the JavaScript library hosted on Facebook's server.
  3. When a user logs via the "Connect" button, then he calls a function in Facebook's JS API, which pops up a login dialog. This login box has an invisible iframe , in which the cross-domain communication file is full.
  4. The user fills the form and submits it, posts the form to Facebook.
  5. Checks Facebook Login If it is successful, then it communicates on your site. Here's where cross-domain comes:
    1. Due to cross-domain security policies, Facebook's login window can not inspect the DOM tree for documents hosted on your server. But within the login code src can update the contents of any iframe , and with the hosted cross-domain communication file Used to communicate on your page.
    2. When a cross-domain communication file receives a hint that the entry is successful, it uses JavaScript to set some cookies with the user's ID and session. Since this file resides on your server, those cookies have your domain and your backend can get them.
  6. Any other communication towards Facebook can be completed by inserting another nested code

Popular posts from this blog

asp.net - Javascript/DOM Why is does my form not support submit()? -

-
This is my first time working with asp.net and javascript, so I do not know very good web resources, or Much about javascript debugging I have to find out that on line oFormObject.submit (); Microsoft JScript Runtime Error: Object does not support this property or method I am using the link to work as a button because I am terrible in aesthetics and I think That link will look more professional than a table of 50 buttons. I have read that this solution can cause problems with browsers due to pre-rendering of my links and many additional traffic and problems, but CSS gives me a button like a link, which has issues of alignment and difference seemed to. & lt ;! DOCTYPE HTML PUBLIC "- // W3C // DTD HTML 4.01 // N" "http://www.w3.org/TR/html4/strict.dtd"> & Lt; Html xmlns = "http://www.w3.org/1999/xhtml" & gt; & Lt; Head & gt; & Lt; Link rel = "stylesheet" type = "text / css" href = "defect differen
Read more

sockets - Delphi: TTcpServer, connection reset when reading -

-
I am trying to implement one for Delphi, but there are some problems with communication. Fitnesse will start my process, and give me a portmember as a command line argument. Then I should make a socket on the port number given to me, and fitness will connect to that port I am using a TCPCP server for the job: < Pre> TcpServer1.LocalPort: = ParamStr (ParamCount); TcpServer1 Active: = true; On OnEXEPT () -Event, I send the protocol version to use as specified in the protocol. Process TForm1.TcpServer1Accept (From: TOBject; ClientSocket: TCustomIpClient); Var s: ansistring; Start clientSocket. Syndrome ('slim - v 0.0', # 10); SetLength (S, 6); ClientSketts Receavebook (S, 6); End; When I call ReceiveBuf (), the process ends, and fitness throws an exception: java.net.SocketException: connection Reset I have seen what sent and received. It shows that my code sends the protocol version, fitness sends back a message, and when I try to get this message
Read more

javascript - Classic ASP "ExecuteGlobal" statement acting differently on two servers -

-
I have a strange problem that I really do not know. In addition to developing a new ASP.NET site, I have to support the old "classic ASP" site. It is written in VBScript with a batch of JavaScript functions. Many of the JavaScript functions include 'files' Everything is fine on our production system (which security is controlled by another group - this is a military installation) Debugging them once did not work I). However, I have a fix for a vague bug that needs to be fully tested and some functions do not run under the "local" copy of the website that runs on my PC. For the record, I am running IIS 5.1 on XP. The problem is that some Javascript functions are running "OK" on the production server, but when they use it as a server, they are not defined on my PC what is happening that last Programmer, for some reason, has decided to put some functions in a series of files, which according to the observations, imitate the "need_once
Read more