Hi David, Orkut will send a unique application id as part of the signed request. You can use that to ensure the calls are coming from only your app. The param is: "opensocial_app_id".
Note that the signatures for signed make requests are one area where the containers tend not to be as standardized as the rest of the spec. For example MySpace will send a unique consumer key instead of an app id. -Dave On Oct 1, 12:12 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > Hi, > > I've been spending some time getting my head around Open Socials > signed request mechanism, and I'm getting there, but one thing puzzles > me. Does the signature sign to your app specifically, or just to all > of Orkut's domain. If the latter what is preventing a malicious user > publishing an app that appears legit, but secretly is making signed > requests to other servers? > > I must be wrong, i hope :) > > David > entertainment cloud. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Orkut Developer Forum" group. To post to this group, send email to opensocial-orkut@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-orkut?hl=en -~----------~----~----~----~------~----~------~--~---
