You should used orkut signed makeRequest, you ca find the details
here:
http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSignedRequests
This will validate the request are coming from the orkut, but any
developer can write code to send these orkut signed request to your
form through their sandbox application. So you should add additional
check to validate the application id send by orkut with makeRequest.
Application Id is unique for the url of the application xml file.
-Nitin
www.ShopNdShout.com
(flaunt your shopping)
On Sun, Jun 8, 2008 at 2:38 AM, Samuka <[EMAIL PROTECTED]> wrote:
>
> Hi guys!
>
> I'm a new developer of opensocial :D I want to use a back end database
> (mysql with php), and pass some information to it, using
> gadgets.io.makeRequest() method;
>
> So, here it is, i can send info to a file called, for exemple
> savedata.php using this method, just like this:
>
>
> var data = {
> data1 : "Here i am",
> data2 : "Lorem ipsum, dolor sit?"
> };
>
> var params = {};
> params[gadgets.io.RequestParameters.METHOD] =
> gadgets.io.MethodType.POST;
> params[gadgets.io.RequestParameters.POST_DATA] =
> gadgets.io.encodeValues(data);
> gadgets.io.makeRequest(url, retorn, params);
>
>
> however, i don't want anyone to be able to send a urlencoded form to
> my savedata.php and change all my database stuff... So, i need to make
> a server-side verificantion at savedata.php in order to be sure that
> the arriving data came from my orkut application. How can I do that?
>
> Thank you very much
> Samuka
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Orkut Developer Forum" group.
To post to this group, send email to opensocial-orkut@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/opensocial-orkut?hl=en
-~----------~----~----~----~------~----~------~--~---
