Facebook - "openID" danger?
I am scared that someone can get into anybody's account on my game if the user does not have Facebook. A stealer makes a Facebook account with the same email as a user in my game, and then clicks "Login with Facebook" -> it redirects him to the permission page -> back to my page - it detects that the Facebook email is the same as the victim's and -> the stealer is logged into the victim's account.
How could I prevent this? Just to allow LOGGED in users to associate their account with Facebook's?
More posts by @Gloria169
1 Comments
OpenID requires the user to be logged into the website of the OpenID account they are using. So unless someone is logged into that Facebook account, Facebook won't authenticate them and allow them to be logged into your website. So if someone uses the same email address as another person's Facebook account, they will still fail to log in.
Update
Facebook does require the verification of email addresses so this kind of hijacking attempt will not work.
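The rule proposed in the question (only an already logged-in user may associate a Facebook identity with a game account), as an added example that is not part of the original thread. The in-memory `AccountStore`, the function name and the return labels are hypothetical, and `fb_id` is assumed to be the stable user id the provider returns server-side.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional, Tuple


@dataclass
class AccountStore:
    """Constructed in-memory stand-in for the game's user database."""
    email_to_user: dict = field(default_factory=dict)  # email -> local user id
    fb_links: dict = field(default_factory=dict)       # Facebook user id -> local user id
    _ids: count = field(default_factory=lambda: count(1))

    def create_user(self, email: str) -> int:
        user_id = next(self._ids)
        self.email_to_user[email.lower()] = user_id
        return user_id


def resolve_facebook_login(store: AccountStore, session_user_id: Optional[int],
                           fb_id: str, fb_email: str) -> Tuple[str, Optional[int]]:
    """Decide what a completed "Login with Facebook" round trip may do.

    fb_id and fb_email are assumed to come from the provider's server-side
    response, never from browser-supplied form fields.
    """
    linked_user = store.fb_links.get(fb_id)
    if linked_user is not None:
        # A Facebook identity linked earlier logs into that account, unless a
        # different user is currently signed in (do not silently switch).
        if session_user_id is not None and session_user_id != linked_user:
            return "conflict", None
        return "login", linked_user
    if session_user_id is not None:
        # Linking is allowed only from an already authenticated session.
        store.fb_links[fb_id] = session_user_id
        return "linked", session_user_id
    if fb_email.lower() in store.email_to_user:
        # Email matches an existing account but nobody is logged in:
        # never auto-link, require the account's own credentials first.
        return "local_login_required", None
    # Unknown identity and unknown email: create a fresh account.
    user_id = store.create_user(fb_email)
    store.fb_links[fb_id] = user_id
    return "created", user_id
```

Accounts are matched on the provider's user id; the email is used only to detect that a local account already exists and must be signed into before linking.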