Facebook登录的安全性(JavaScript SDK)
[英]Security of facebook login (Javascript SDK)
问题描述
I would like to get information how to securely save user's id using Facebook Login with Javascript SDK ? 
我想获取有关如何使用Java SDK的Facebook Login安全地保存用户ID的信息?
I get it using 我用
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
->>> response.authResponse.userID
} else if (response.status === 'not_authorized') {
window.location.href='index.php';
} else {
window.location.href='index.php';
}
});
};
but i need securely save it to mysql database. 但我需要安全地将其保存到mysql数据库。 Any ideas? 有任何想法吗?
2 个解决方案
解决方案1
3 2012-11-17 04:00:16
Don't do this - if anything, take the entire signedRequest and transfer this to your server. 不要这样做-如果有的话,请拿走整个signedRequest并将其传输到您的服务器。 You can then decode it and validate that it was signed with your app_secret , and that it is still valid. 然后,您可以对其进行解码并验证它是否已使用app_secret签名,并且仍然有效。
解决方案2
2 2012-11-16 21:24:58
if you're trying to avoid people pretending to be other people and using that info to hit your DB your real problem is that facebook id's aren't secret (at all). 如果您想避免别人装作是别人,并使用该信息打入您的数据库,那么您真正的问题是,Facebook ID根本不是秘密。
you could try using the third_party_id value. 您可以尝试使用third_party_id值。 it's one per user per app and shouldn't be discoverable outside your app. 每个应用程式每个使用者只有一个,因此在您的应用程式之外不可被发现。 if you're looking for security that's "good enough" it may do: 如果您正在寻找“足够好”的安全性,则可以这样做:
FB.api("/me?fields=third_party_id,username", _updateMe);
function _updateMe(response) { /* do something with response.third_party_id; */ }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.