: Facebook - "openID" danger? I am scared that someone can get into anybodys account on my game, if user does not have Facebook. Stealer makes facebook with same email that user in my game,

Posted in: #Authentication #Facebook #FacebookGraph

I am scared that someone can get into anybodys account on my game, if user does not have Facebook. Stealer makes facebook with same email that user in my game, and then click "Login with facebook" -> redirects him to permission page -> back to my page - it detects that facebook email is same as victim's and -> stealer is logged into victims account.

How could I prevent this? Just t allow LOGGED in users to associate their account with facebook's ?

10.01% popularity Vote Up Vote Down

: It is possible -- but you need to tell at least which web server do you use. For Apache this can be achieved with the following rule (using mod_rewrite): RewriteEngine On RewriteRule ^content/(.+)$

@Gloria169

0 Comments

: How do get my css style sheet to work the same in IE9 as it does in IE8 and other browsers? I am developing the following website and just discovered that the styling of the navigation does

@Gloria169

Posted in: #Css #InternetExplorer9 #WebDevelopment

2 Comments

: 1and1: Unable to host an external domain I'm sorry if this isn't the right place for this question, but I'm presently having difficulties with my hosting provider (1and1). Two weeks ago, two

@Gloria169

Posted in: #1and1 #LookingForHosting #SharedHosting #WebHosting

2 Comments

: Is it really a security problem to have non secure assets on an ssl page? My understanding is that this is just an example of being overly cautious, but if my checkout form contains an unsecure

@Gloria169

Posted in: #Https

1 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Kristi941

OpenID requires the user to be logged into the website of the OpenID account they are using. So unless someone is logged into that Facebook account, Facebook won't authenticate them and allow them to be logged into your website. So if someone uses the same email address as another person's Facebook account they will still fail to login.

Update

Facebook does require the verification of email addresses so this kind of hijacking attempt will not work.

10% popularity Vote Up Vote Down

Feed

: Facebook - "openID" danger? I am scared that someone can get into anybodys account on my game, if user does not have Facebook. Stealer makes facebook with same email that user in my game,

More posts by @Gloria169

: It is possible -- but you need to tell at least which web server do you use. For Apache this can be achieved with the following rule (using mod_rewrite): RewriteEngine On RewriteRule ^content/(.+)$

: How do get my css style sheet to work the same in IE9 as it does in IE8 and other browsers? I am developing the following website and just discovered that the styling of the navigation does

: 1and1: Unable to host an external domain I'm sorry if this isn't the right place for this question, but I'm presently having difficulties with my hosting provider (1and1). Two weeks ago, two

: Is it really a security problem to have non secure assets on an ssl page? My understanding is that this is just an example of being overly cautious, but if my checkout form contains an unsecure

Login to post a comment!

1 Comments

Back to top | Use Dark Theme