Facebook sharpens the terms for applications


Facebook is changing how external sites and applications use its platform. For some time now FB can be used over HTTPS if we want; by the end of the year, Facebook and its related applications will be accessible only over HTTPS, for greater security.
Many users' data has already leaked to others because of the poor security of FB authentication over HTTP, and those parties can then use it for their own purposes, mainly of a commercial nature.

Timeline of the migration to HTTPS and OAuth 2.0:

  • 1 July: PHP and JavaScript updated to use OAuth 2.0 and the new cookie format
  • 1 September: all applications that need authentication must use OAuth 2.0
  • 1 October: iframe applications must use SSL access

OAuth 2.0 is an open standard that was created along with Yahoo, Twitter, Google and others; it uses a secure HTTPS connection to web pages and applications. For a safer platform, Facebook has teamed up with Symantec for better intrusion and spam prevention.
This means that everyone who has a FB page and edits a specific welcome page or other pages must obtain an SSL certificate. An SSL certificate costs about $30 per year; the alternative is to have the pages served through special services. This is again a lot of work for developers, and it puts the owners of FB pages in a bad mood too, since they only recently had to move from FBML to the iframe.
Do not think that Facebook started to take action because of the recent spam or because it is concerned with protecting users' privacy; it did so because the outflow of user information to third parties reduces its profit. It wants to keep this easily obtained data for itself and make as much money as it can from user data.



Works as system engineer in Slovenian Enterprise in Microsoft environment focusing on security, deployments, SharePoint, SCCM and CheckPoint firewall. Author of successful blog about IT security, Microsoft tips & tricks, social media, internet trends.
