
Facebook - "openID" danger?

@Gloria169

Posted in: #Authentication #Facebook #FacebookGraph

I am scared that someone can get into anybody's account on my game if the user does not have Facebook. The stealer makes a Facebook account with the same email as a user in my game, and then clicks "Login with Facebook" -> it redirects him to the permission page -> back to my page - it detects that the Facebook email is the same as the victim's and -> the stealer is logged into the victim's account.

How could I prevent this? Just to allow LOGGED in users to associate their account with Facebook's?


1 Comment

@Kristi941

OpenID requires the user to be logged into the website of the OpenID account they are using. So unless someone is logged into that Facebook account, Facebook won't authenticate them and allow them to be logged into your website. So if someone uses the same email address as another person's Facebook account, they will still fail to log in.

Update

Facebook does require the verification of email addresses so this kind of hijacking attempt will not work.

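The mitigation proposed in the question (only a logged-in user may associate their account with Facebook), as an added example that is not code from either poster: a Facebook login resolves to a local account only through a link stored under the provider's user id, and a matching email alone never logs anyone in. `AccountStore`, its methods and the sample profiles are hypothetical; the profile dict is assumed to hold the `id` and `email` fields returned after Facebook has authenticated the user.

```python
# Added example: in-memory stand-ins for the game's user table and link table.
class AccountStore:
    def __init__(self):
        self.users = {}      # local user id -> normalized email
        self.fb_links = {}   # Facebook user id -> local user id

    def register(self, user_id, email):
        self.users[user_id] = email.strip().lower()

    def link_facebook(self, session_user_id, fb_profile):
        """Associate a Facebook identity with the account that is logged in right now."""
        if session_user_id not in self.users:
            raise PermissionError("linking requires an authenticated local session")
        fb_id = fb_profile["id"]
        owner = self.fb_links.get(fb_id)
        if owner is not None and owner != session_user_id:
            raise PermissionError("Facebook identity already linked to another account")
        self.fb_links[fb_id] = session_user_id

    def login_with_facebook(self, fb_profile):
        """Return (local_user_id, status) for a profile the provider has authenticated."""
        linked = self.fb_links.get(fb_profile["id"])
        if linked is not None:
            return linked, "logged_in"
        email = (fb_profile.get("email") or "").strip().lower()
        if email and email in self.users.values():
            # Same email as an existing account but no stored link: refuse the
            # silent merge and ask for a normal local login before linking.
            return None, "local_login_required_to_link"
        return None, "new_account"


def demo():
    store = AccountStore()
    store.register("victim", "player@example.com")   # constructed sample data
    other_fb = {"id": "fb-222", "email": "player@example.com"}  # someone else's profile
    owner_fb = {"id": "fb-111", "email": "player@example.com"}  # the real owner's profile
    before = store.login_with_facebook(other_fb)
    store.link_facebook("victim", owner_fb)          # done while "victim" is logged in
    return before, store.login_with_facebook(owner_fb), store.login_with_facebook(other_fb)
```

Keying the link on the provider's user id rather than the email also keeps the link valid if the user later changes the email on either side.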

