[OpenSocial] Re: Authentication in OpenSocial

2009-03-10 Thread dburns
Arne, You're right, I could roll my own interface from Flash directly to my server, but then I lose the authentication of (at least) the user id etc that the container can vouch for when using the makeRequest method. I believe that intercepting the Flash-to-server communication is a bit trickier

[OpenSocial] Re: Authentication in OpenSocial

2009-03-10 Thread Arne Roomann-Kurrik
Passing data from Flash to JavaScript and then to makeRequest will work, but it's possible that you could find another way to transmit data, especially since Flash can set up socket connections of its own. I'm unfamiliar with the Facebook case, can you elaborate a little more on what parameters a

[OpenSocial] Re: Authentication in OpenSocial

2009-03-09 Thread dburns
Arne (or anyone), Can you confirm for me that the only authentication method provided by OpenSocial is the one I quoted in my first post above? In particular, I'm thinking of getting information in a Flash object securely to my server. I gather the way to do this is to have the Flash object pas

[OpenSocial] Re: Authentication in OpenSocial

2009-03-09 Thread dburns
Arne, That's very helpful. Thanks a lot. You've confirmed what I suspected. DB

[OpenSocial] Re: Authentication in OpenSocial

2009-03-09 Thread Arne Roomann-Kurrik
Note that certain parameters such as the viewer ID, owner ID, and application ID cannot be tampered with through the JS debugger method, as the container inserts these parameters itself. So you can always verify which user is performing the actions reliably, even if you can't trust their input to be v

[OpenSocial] Re: Authentication in OpenSocial

2009-03-09 Thread Arne Roomann-Kurrik
Hi, In short, there's nothing to prevent a user from doing what you described. Certainly parameter signing is not a solution, because the container has no idea of whether a "score" parameter is coming from the application or the end user (in the case of JavaScript or even Flash, it's all the