Phacebook phun (Uncle disgusting, security hat. You know the drill)

Sep 04, 2009 12:37

You know all those apps y'all are playing with on Friendface? (Farmville, for instance, just leaps off the page[1

pwnage, brown trousers, security afternoon theatre


quercus September 4 2009, 13:14:20 UTC
The annoying bit is that the farcebook API actually seems well thought out(*), so you have to be a total careless muppet to build a dodgy app on top of it.

(*) as in, "better thought out than most Enterprise stuff in the same slot (see "LDAP lookups for authentication")"


hirez September 4 2009, 13:22:08 UTC
LDAP...

Oh God.


quercus September 4 2009, 14:08:13 UTC
SSO: Serious Snake Oil


hirez September 4 2009, 14:16:49 UTC
[FX: Boggle]

I've taken to answering those sorts of questions with 'No. Kerberos.' and then providing worked examples for java/perl/apache/radius/weenix/solaris.


r_is_for_rachel September 5 2009, 11:02:09 UTC
Kerberos isn't the answer either. Role-based access control through Kerberos ends up horribly perverse.


hirez September 5 2009, 11:10:29 UTC
Kerberos is a useful answer to the first iteration of that question. Authz is the other half of the problem. 'Your institution is fucked' is a good answer too.

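An added example (not code from the post or from any of the commenters above) of one well-known way the "LDAP lookups for authentication" pattern quercus jabs at goes wrong, and why hirez's "No. Kerberos." (or at least a bind as the user) is the saner first answer: if the app authenticates by splicing the supplied username and password into a search filter, an unescaped `*` turns the password check into a presence test. Assumptions: a filter of the shape `(&(uid=...)(userPassword=...))`, two constructed directory entries, and a toy filter evaluator standing in for a real directory server so the whole thing runs offline.

```python
"""Added example, not code from the post or any commenter: why authenticating
via an LDAP search filter built from user input is fragile. DIRECTORY and the
filter evaluator are constructed stand-ins for a real server."""

import re

# RFC 4515 section 3: characters that must be escaped as \XX inside an assertion value.
_ESCAPE = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_chars(value: str) -> str:
    """Escape user input so it can only ever be a literal assertion value."""
    return ''.join(_ESCAPE.get(ch, ch) for ch in value)


def naive_auth_filter(username: str, password: str) -> str:
    # Anti-pattern: user-controlled text spliced straight into the filter.
    return '(&(uid=%s)(userPassword=%s))' % (username, password)


def escaped_auth_filter(username: str, password: str) -> str:
    # Same lookup, but the inputs can no longer change the filter's structure.
    return '(&(uid=%s)(userPassword=%s))' % (
        escape_filter_chars(username), escape_filter_chars(password))


# --- minimal filter evaluator (constructed stand-in for a directory server) ---

def _unescape(value: str) -> str:
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)


def _parse(s: str, i: int):
    """Parse one filter starting at s[i] == '('; return (node, index after its ')')."""
    if s[i] != '(':
        raise ValueError('expected ( at offset %d' % i)
    i += 1
    if s[i] in '&|':
        op, i, children = s[i], i + 1, []
        while s[i] == '(':
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ')':
            raise ValueError('unterminated compound filter')
        return (op, children), i + 1
    end = s.index(')', i)  # an escaped ')' is written \29, so it never lands here
    attr, _, value = s[i:end].partition('=')
    return ('=', attr, value), end + 1


def _matches(node, entry: dict) -> bool:
    if node[0] in '&|':
        results = [_matches(c, entry) for c in node[1]]
        return all(results) if node[0] == '&' else any(results)
    _, attr, value = node
    actual = entry.get(attr)
    if actual is None:
        return False
    if value == '*':  # presence filter: true whenever the attribute exists at all
        return True
    # A bare '*' is a wildcard; an escaped \2a is unescaped into a literal '*'.
    pattern = '.*'.join(re.escape(_unescape(part)) for part in value.split('*'))
    return re.fullmatch(pattern, actual) is not None


DIRECTORY = [  # constructed sample entries
    {'uid': 'alice', 'userPassword': 'correct horse battery staple'},
    {'uid': 'bob', 'userPassword': 'hunter2'},
]


def search(filter_string: str):
    """Return the uids of entries matching the filter; reject trailing junk."""
    node, end = _parse(filter_string, 0)
    if end != len(filter_string):
        raise ValueError('trailing data after filter')
    return [e['uid'] for e in DIRECTORY if _matches(node, e)]


def lookup_auth(build_filter, username: str, password: str) -> bool:
    """The lookup-based 'authentication': success if exactly the user's entry matches."""
    return search(build_filter(username, password)) == [username]


if __name__ == '__main__':
    print(naive_auth_filter('alice', '*'))
    print(lookup_auth(naive_auth_filter, 'alice', '*'))    # True, no password needed
    print(lookup_auth(escaped_auth_filter, 'alice', '*'))  # False
```

Escaping closes the filter-injection hole, but the pattern stays weak even then: the password travels inside a search request and the directory has to store it in a form a filter can compare against. A bind as the user (so the directory server checks the credential itself) or a Kerberos ticket avoids both problems, and, as hirez notes, still leaves the authorization half to be solved separately.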

thepaintedone September 4 2009, 13:25:31 UTC
My company were quoted about $1500 by a fairly reputable agency* to have a facebook app built to let people send our products to their friends with cute little messages, etc. For that little money, I have my suspicions about the quality of the code!

*Or rather they had an impressive client list of household names which may or may not be the same thing.


quercus September 4 2009, 14:10:59 UTC
That's not a development cost, that's a licence fee.


