简体繁体 English

如何从Facebook画布应用程序保护AJAX调用

[英]How to secure an AJAX call from a facebook canvas application

原文 2010-05-18 05:03:48 4 1 ajax/ facebook

Reading this Ajax example, 阅读此Ajax示例，

http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example

I found the following line. 我找到了以下行。 I'm not sure what to understand out of it, how do you "check the sig values per Platform spec"? 我不确定从中了解什么，如何“根据平台规范检查信号值”？

"Note: For brevity's sake we are trusting $_POST['fb_sig_user'] without checking the full signature. This is unsafe as anyone could easily forge a user's action. Always be sure to either use the Facebook object which is supplied with the client libraries, or check the sig values per Platform spec" “注意：为简便起见，我们信任$ _POST ['fb_sig_user']而不检查完整签名。这是不安全的，因为任何人都可以轻易伪造用户的操作。始终确保使用客户端库附带的Facebook对象，或根据平台规范检查信号值”

1 个解决方案

You are under facebook application platform, if there is any leak in security, it is the fault of their platform, API. 您使用的是Facebook应用程序平台，如果安全性存在漏洞，那是他们的平台API的错误。 In other words, you are aleady safe there. 换句话说，您在那里安全无铅。

如何保护Ajax调用（从JS到PHP） - How to secure ajax call (JS to PHP)

从我的Facebook应用程序调用facebook ajax - call facebook ajax from my facebook app

如何使用 Django 后端保护 AJAX 调用？ - How to secure AJAX call with Django backend?

如何在Facebook的canvas应用程序中使用Ajax？ - How to use Ajax in Facebook's canvas app?

如何在Facebook上检测到Ajax调用 - How to detect an ajax call on Facebook

Facebook登录页面ajax在canvas应用程序上加载到jquery ui对话框中 - Facebook login page ajax load into jquery ui dialog, on a canvas application

安全的Ajax通话 - Secure Ajax call

从Wordpress网站进行AJAX调用时如何保护API密钥？ - How to secure API key when making AJAX call from Wordpress website?

如何保护来自BOT的Ajax调用的安全？ - How to secure by Ajax calls from BOTs?

Facebook如何跨域Ajax调用？ - how facebook does cross domain ajax call?

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何保护Ajax调用（从JS到PHP） - How to secure ajax call (JS to PHP) 从我的Facebook应用程序调用facebook ajax - call facebook ajax from my facebook app 如何使用 Django 后端保护 AJAX 调用？ - How to secure AJAX call with Django backend? 如何在Facebook的canvas应用程序中使用Ajax？ - How to use Ajax in Facebook's canvas app? 如何在Facebook上检测到Ajax调用 - How to detect an ajax call on Facebook Facebook登录页面ajax在canvas应用程序上加载到jquery ui对话框中 - Facebook login page ajax load into jquery ui dialog, on a canvas application 安全的Ajax通话 - Secure Ajax call 从Wordpress网站进行AJAX调用时如何保护API密钥？ - How to secure API key when making AJAX call from Wordpress website? 如何保护来自BOT的Ajax调用的安全？ - How to secure by Ajax calls from BOTs? Facebook如何跨域Ajax调用？ - how facebook does cross domain ajax call?

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM