Comments on: OpenSocial: JavaScript Code of Flixster on MySpace – Start Hacking! http://blog.stevepoland.com/opensocial-javascript-code-of-flixster-on-myspace-start-hacking/ web entrepreneur | obsessed music fan | b-lo forever! Fri, 25 Jun 2010 14:32:45 -0700 http://wordpress.org/?v=2.8 hourly 1 By: sandy http://blog.stevepoland.com/opensocial-javascript-code-of-flixster-on-myspace-start-hacking/comment-page-1/#comment-1400 sandy Wed, 27 Aug 2008 10:58:12 +0000 http://stevepoland.com/?p=302#comment-1400 above link for zip file is not working also txt file link not working. can u plz check if possible send by email thanks above link for zip file is not working also txt file link not working. can u plz check if possible send by email

thanks

]]> By: Miron C http://blog.stevepoland.com/opensocial-javascript-code-of-flixster-on-myspace-start-hacking/comment-page-1/#comment-1176 Miron C Sun, 04 Nov 2007 18:58:46 +0000 http://stevepoland.com/?p=302#comment-1176 A quick look at the JavaScript code shows that the client-side JavaScript is passing the user ID to the backend without any authentication. This means that it's trivial to mess up anybody's Flixter profile. This seems to be a general issue with OpenSocial. Unlike Facebook, Opensocial seems to be missing user to app authentication. I wrote an article about it: http://hyper.to/blog/link/opensocial-insecurity-no-user-to-app-authentication/ I hope that the Facebook version of Flixster does take advantage of their authentication mechanism. A quick look at the JavaScript code shows that the client-side JavaScript is passing the user ID to the backend without any authentication. This means that it’s trivial to mess up anybody’s Flixter profile.

This seems to be a general issue with OpenSocial. Unlike Facebook, Opensocial seems to be missing user to app authentication. I wrote an article about it:

http://hyper.to/blog/link/opensocial-insecurity-no-user-to-app-authentication/

I hope that the Facebook version of Flixster does take advantage of
their authentication mechanism.

]]> By: Wal http://blog.stevepoland.com/opensocial-javascript-code-of-flixster-on-myspace-start-hacking/comment-page-1/#comment-1175 Wal Fri, 02 Nov 2007 22:05:48 +0000 http://stevepoland.com/?p=302#comment-1175 I was looking for good examples. Thanks for the tip. I was looking for good examples. Thanks for the tip.

]]> By: Steve Poland http://blog.stevepoland.com/opensocial-javascript-code-of-flixster-on-myspace-start-hacking/comment-page-1/#comment-1174 Steve Poland Fri, 02 Nov 2007 12:53:36 +0000 http://stevepoland.com/?p=302#comment-1174 http://www.myspace.com/aber -- CTO, MySpace http://www.myspace.com/aber — CTO, MySpace

]]> By: Matt Smith http://blog.stevepoland.com/opensocial-javascript-code-of-flixster-on-myspace-start-hacking/comment-page-1/#comment-1173 Matt Smith Fri, 02 Nov 2007 03:17:11 +0000 http://stevepoland.com/?p=302#comment-1173 Steve, where did you get these files? Steve, where did you get these files?

]]> By: kiakanpa http://blog.stevepoland.com/opensocial-javascript-code-of-flixster-on-myspace-start-hacking/comment-page-1/#comment-1172 kiakanpa Thu, 01 Nov 2007 21:01:16 +0000 http://stevepoland.com/?p=302#comment-1172 Quick work ;-) will take a look Quick work ;-) will take a look

]]>