我要寻找一种方式用ajax发布用户的特定数据时验证用户的Facebook ID。
I am looking for a way to verify a users facebook id when posting user specific data using ajax.
我希望能够验证使用AJAX发布数据时,Facebook用户ID是正确的。
I want to be able to verify that a facebook user id is correct when posting data using ajax.
问题是,如果我发布了Facebook的ID,作为我的ajax的数据部分,它可以在JavaScript中进行编辑。我能在服务器端的图形调用,但这些都是很慢,所以我想保持图形话费降到最低点。 preferably只称这是开头。
The problem being, that if I post the facebook id as part of my ajax data, it can be edited in the javascript. I could make a graph call on the server side, but these are really slow, so I want to keep graph calls to a minimum. Preferably only calling it at the beginning.
可在任何提出一个有效的/安全的方法?
Can any suggest an efficient/secure method?
推荐答案
在结束我的解决办法是抓住通过PHP SDK用户的Facebook的ID,并通过添加盐和MD5编码它创造它的哈希值。在发布表单我既包括Facebook的ID和散列。然后,我可以使用相同的盐值,仔细检查了Facebook的想法是使用它之前正确。这似乎为我的需要提供足够的安全性。
In the end my solution was to grab the users facebook id via the php sdk and creating a hash of it by adding a salt and encoding it with md5. When posting the form I include both the facebook id and the hash. I can then use the same salt value to double check that the facebook idea is correct before using it. This seems to provide enough security for my needs.
相关推荐
最新文章