Do we need to cache the certificate? If the app runs on different containers, do I need to save the certificate for each container? Is there a repository to save these certificates?

On Oct 30, 9:45 am, [EMAIL PROTECTED] wrote:
> Hi Robson,
>
> You have to verify the signed requests on your server (check this
> page out for how to do so:
> http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig...).
> With a verified request, you will know the OpenSocial IDs of the
> VIEWER and OWNER as well as the app that sent the request (these
> values cannot be changed by Firebug because they are added by the
> container). On your server, you must then decide whether the given
> user should be able to post a message, change values, etc.
>
> Hope this helps,
> ~Arne
>
> On Oct 20, 7:18 pm, "Robson Dantas" <[EMAIL PROTECTED]> wrote:
>
> > Guys,
> >
> > I'm developing an application which sends some signed requests to my server
> > and then I can store some information there.
> >
> > I was testing some procedures and I can use Firebug or something like that
> > to change variables and then send a fake message, for example. In other
> > words, I can access someone's profile, change some variables and voila, I've
> > hacked the application. As we're running in a JavaScript model, how can I
> > protect my application from this kind of action?
> >
> > Is there something (an article, for example) describing some guidelines?
> >
> > --Robson
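
The server-side check described in the quoted reply, as an added example (not code from this thread or from any OpenSocial library): it verifies an OAuth RSA-SHA1 signed request against a public key pinned per container and key name, and returns the container-asserted IDs only when the signature holds. It assumes the container signs with RSA-SHA1 and names its key in `xoauth_signature_publickey`; the demo key, `container.example`, `demo-key-1`, the sample values and all helper names are constructed for the example.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed demo key from two Mersenne primes: NOT secure, only so this runs offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SIZE = (N.bit_length() + 7) // 8
# Pinned public keys, one per (oauth_consumer_key, xoauth_signature_publickey); names made up.
KEYS = {("container.example", "demo-key-1"): (N, E)}
SHA1_INFO = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo prefix for SHA-1
# Constructed request parameters, as a container would append them before signing.
SAMPLE = {"oauth_consumer_key": "container.example", "oauth_signature_method": "RSA-SHA1",
          "xoauth_signature_publickey": "demo-key-1", "opensocial_viewer_id": "1001",
          "opensocial_owner_id": "1002", "opensocial_app_id": "42", "message": "hello world"}

def enc(value):
    return quote(str(value), safe="-._~")  # OAuth 1.0 percent-encoding

def base_string(method, url, params):
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    query = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(query)]).encode()

def emsa(message, size):  # EMSA-PKCS1-v1_5 block a valid RSA-SHA1 signature opens to
    tail = SHA1_INFO + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (size - len(tail) - 3) + b"\x00" + tail

def verify(method, url, params):
    """Return the container-asserted IDs if the signature is valid, else None."""
    key = KEYS.get((params.get("oauth_consumer_key"), params.get("xoauth_signature_publickey")))
    if key is None or params.get("oauth_signature_method") != "RSA-SHA1":
        return None  # unknown container/key name, or unexpected signature method
    n, e = key
    size = (n.bit_length() + 7) // 8
    try:
        raw = base64.b64decode(params.get("oauth_signature", ""), validate=True)
    except ValueError:
        return None
    sig = int.from_bytes(raw, "big")
    expected = emsa(base_string(method, url, params), size)
    if sig >= n or not hmac.compare_digest(pow(sig, e, n).to_bytes(size, "big"), expected):
        return None
    return {k: params.get(k) for k in ("opensocial_viewer_id", "opensocial_owner_id", "opensocial_app_id")}

def sign(method, url, params):  # stand-in for the container, using the demo private key
    m = int.from_bytes(emsa(base_string(method, url, params), SIZE), "big")
    signature = base64.b64encode(pow(m, D, N).to_bytes(SIZE, "big")).decode()
    return dict(params, oauth_signature=signature)
```

A deployment would fill `KEYS` from the certificate each container publishes and would also reject stale `oauth_timestamp` values and repeated `oauth_nonce` values, which this example leaves out.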