|
Hi I am currently thinking about using facebook connect in order to provide a login to my web site.
Problem is I looked at the source and it all seems to be javascript.
So please correct me if I am wrong but if someone is to make a fake facebook site on their local IIS with the relevant scripts that can return any facebook user Id they want and edit their hossts file to point to the local copy of facebook . that means that pesron has access to the specific profile connected to that facebook ID on my site.
Can anyone please let me know what can be done ?
Chona1171
Web Developer (C#), Silverlight
|
|
|
|
|
Chona1171 wrote: So please correct me if I am wrong but if someone is to make a fake facebook site on their local IIS with the relevant scripts that can return any facebook user Id they want and edit their hossts file to point to the local copy of facebook . that means that pesron has access to the specific profile connected to that facebook ID on my site.
Can anyone please let me know what can be done ?
When I go to FB, it shows a SSL-prefix. You could verify it's certificate - would be hard to spoof that
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|