
Facebook login secure?

I want to let people log in with "Facebook login", but I wonder if it is secure enough, or if I'm just doing it wrong.

What I'm getting back after a successful login is the user data, with the facebook_id, which I'm inserting into the DB, passed by a JavaScript request to the server via a handler since I'm using ASP.NET.

But I think that through malicious use, one can change that data and insert rubbish into the server, or even insert a different facebook_id.

So I wonder if the "Facebook login" is secure enough to use, or if I'm doing it wrong. I thought about another option to pass that client data to the server: a postback to the server with hidden runat=server textboxes. But still, malicious use can change those textboxes. I've read here about the option to let the users add a password to their Facebook username, but it sounds a bit user-unfriendly.

Am I right? Is there a way to do it more securely? Is there any cookie that Facebook puts on the client browser that I can read from the server? Since a lot of websites use this "Facebook login", there might be another way that I didn't think about...

Yaniv asked Feb 04 '12 15:02



1 Answer

Pass the access token up to the server (or check for it from the cookie Facebook sets) and then have the server call https://graph.facebook.com/me?access_token=... and get the Facebook ID that way. You can get the access_token by calling FB.getLoginStatus from the JavaScript SDK.

bkaid answered Sep 23 '22 15:09
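The server-side check described in the answer, as an added example that is not part of the original answer: the server resolves the Facebook ID from the access token and only compares, never stores, the facebook_id the browser sent. The names resolveFacebookId, handleLogin and fakeGraph, the request field accessToken, and the injectable fetchImpl parameter are assumptions for illustration; fakeGraph is a constructed stand-in so the block runs offline.

```javascript
// Added example: the server derives the Facebook id from the access token
// and never stores the id the browser sent.
const GRAPH_ME = "https://graph.facebook.com/me"; // endpoint named in the answer

// fetchImpl is injectable (assumption) so the check can be exercised offline.
async function resolveFacebookId(accessToken, fetchImpl = globalThis.fetch) {
  if (typeof accessToken !== "string" || accessToken === "") {
    throw new Error("missing access token");
  }
  const res = await fetchImpl(`${GRAPH_ME}?access_token=${encodeURIComponent(accessToken)}`);
  const body = await res.json();
  // Reject HTTP errors, Graph error objects, and anything without a numeric id.
  if (!res.ok || body.error || !/^\d+$/.test(String(body.id || ""))) {
    throw new Error("access token rejected");
  }
  return String(body.id);
}

// Hypothetical login handler: requestBody is what the page's JavaScript posted.
async function handleLogin(requestBody, fetchImpl = globalThis.fetch) {
  const facebookId = await resolveFacebookId(requestBody.accessToken, fetchImpl);
  // A client-supplied id is only compared, for logging; it is never stored.
  const clientIdMismatch = requestBody.facebook_id !== undefined &&
    String(requestBody.facebook_id) !== facebookId;
  return { facebookId, clientIdMismatch };
}

// Constructed stand-in for the Graph API: one valid token, everything else fails.
async function fakeGraph(url) {
  const token = new URL(url).searchParams.get("access_token");
  if (token === "constructed-valid-token") {
    return { ok: true, json: async () => ({ id: "1000001", name: "Test User" }) };
  }
  return { ok: false, json: async () => ({ error: { message: "Invalid OAuth access token." } }) };
}

// Demo: the request carries a genuine token but a tampered facebook_id.
handleLogin({ accessToken: "constructed-valid-token", facebook_id: "999" }, fakeGraph)
  .then((result) => console.log(result));
```

This confirms which user the token belongs to, not which app it was issued to; confirming that the token was issued to your own app is a separate check this example does not perform.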