Comments (4)
Atimb, you are using your App Secret in your application files; even in the Facebook samples, the App Secret is in the code. Below is a fragment of the PHP SDK:
require_once("facebook.php");
$config = array();
$config['appId'] = 'YOUR_APP_ID';
$config['secret'] = 'YOUR_APP_SECRET';
$config['fileUpload'] = false; // optional
$facebook = new Facebook($config);
I think it is not a big problem to use the app secret in the Android manifest; maybe I'm wrong.
from phonegap-facebook-plugin.
Thanks for your answer, however the big difference here is that this PHP file is residing on your server, and (unless hacking your server) no one can ever access it. On the other hand, the Android manifest is simply packaged into your Android package (APK) that your users will download from the store. Its content can be simply read by anyone.
from phonegap-facebook-plugin.
I didn't know about this possibility, but looking at ConnectPlugin.java, it seems easy to insert the appSecret there instead of putting it in AndroidManifest.xml. If we put the key in there, is the problem solved?
I'm not sure, but is it just me, or does the app work fine whatever App Secret we use?
from phonegap-facebook-plugin.
@atimb I agree, the app secret shouldn't be included anywhere in the apk file people download, as that would allow them to impersonate your application which could be a bit of a security risk.
Normally for the JavaScript SDK on the web you only need the Application ID and not the secret - the operations requiring the secret have to be done server side. I wonder why this SDK would need the secret?
from phonegap-facebook-plugin.
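Added example, not part of the original thread or of the plugin's code: a release check that searches a built APK for the App Secret, covering both placements discussed above (a value in AndroidManifest.xml and a string constant compiled from ConnectPlugin.java). The secret value, the helper names and the sample archives are constructed for illustration; the sample archives are stand-ins, not valid Android packages.

```python
import io
import zipfile

# Constructed placeholder, not a real credential.
SAMPLE_SECRET = "0123456789abcdef0123456789abcdef"

def find_secret_in_apk(apk_bytes, secret):
    """Return the sorted names of APK entries that contain `secret`.

    An APK is a ZIP archive. Compiled manifests and resources may store
    strings as UTF-8 or UTF-16LE, and classes.dex stores ASCII strings
    byte-for-byte, so both encodings are searched in every entry.
    """
    needles = (secret.encode("utf-8"), secret.encode("utf-16-le"))
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info)  # zipfile inflates deflated entries
            if any(needle in data for needle in needles):
                hits.append(info.filename)
    return sorted(hits)

def build_sample_apk(manifest_value, dex_value):
    """Build a constructed stand-in for an APK (not a valid Android package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        # Stand-in for the binary manifest's UTF-16LE string pool.
        apk.writestr("AndroidManifest.xml",
                     b"\x03\x00\x08\x00" + manifest_value.encode("utf-16-le"))
        # Stand-in for string constants compiled from ConnectPlugin.java.
        apk.writestr("classes.dex", b"dex\n035\x00" + dex_value.encode("utf-8"))
    return buf.getvalue()

if __name__ == "__main__":
    builds = {
        "secret in manifest": build_sample_apk(SAMPLE_SECRET, "appId"),
        "secret in Java code": build_sample_apk("appId", SAMPLE_SECRET),
        "app ID only": build_sample_apk("appId", "appId"),
    }
    for label, apk in builds.items():
        print(label, "->", find_secret_in_apk(apk, SAMPLE_SECRET) or "clean")
```

Run against the real release artifact in CI, a non-empty result means the secret ships to every user regardless of which file holds it.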