CodeIgniter Forums
Defensive coding for facebook apps using CI? - Printable Version


Defensive coding for facebook apps using CI? - El Forum - 10-13-2010

gh0st
I'm thinking of building a Facebook app using CodeIgniter; I did experiment a long time ago with some libraries and code I found from searching the forums; I understand the API recently changed.

One thing I am concerned about is security, and I'm wondering what the best defensive coding practices are for the following issues (as I understand them to be).

1. Ensuring the request comes from *.facebook.com AND/OR your website only.
I believe the RPG apps use this method to reduce the impact of bots that farm RPG points.
One thing that struck me is that this is something I would like to implement in non-Facebook apps too; one needs to make sure the request comes from your website.

Thus, is there a way to do this currently with CI?

2. Reducing Cross-Site Scripting and Session Hijacking
This is related to the above.

Are there other Facebook defensive coding practices one needs to be aware of, or that CI caters for out of the box?

Thanks.