security - How safe is it to use Facebook as an identity provider? -



security - How safe is it to use Facebook as an identity provider? -

we in process of creating new authentication scheme of our company web apps. considering allowing users login via facebook, google, live, etc.

what thoughts on safety, privacy , security of allowing facebook access our users? people telling horror stories of facebook tracking them when not logged in facebook. has world chosen take ease of login on privacy protections? these fears myths?

safety depends much on code implement it. prefer avoid logging in people twitter, because easy create false business relationship on twitter. now, facebook , google, , i've noticed nil particularly "dangerous" in terms of security.

the odd phenomenon (at to the lowest degree far experience goes) that, when presented 2 options, i.e., possibility sign "stardard form" requires verification email (long procedure) , possibility click button , login google, yahoo, or facebook (fast , easy), users prefer providing info form, old way. must due rumors privacy breach mention.

i don't think can dismiss or confirm such myths. sure thing google+ button (the +1 button more specific), says hi if visit site has while you're logged in, , greets name. google analytics suggests alter privacy statement if decide track interests , hobbies of visitors. facebook has insights too. don't think these myths.

privacy depends on info can collect google/facebook/live login. have made point not share, sell, utilize of info gathered - not emails, not newsletters (i don't send newsletters). understand may pure idealism, , doesn't bring far if have run business (not sure!), far it's working fine, @ to the lowest degree me, , users.

facebook security login identity privacy

Comments

Post a Comment

Popular posts from this blog

php - Android app custom user registration and login with cookie using facebook sdk -

php - Android app custom user registration and login with cookie using facebook sdk - i developing android application in users need register , log in using facebook. approximately, flow. open app first time, authenticate facebook, data, send info server create them business relationship in application, start session new business relationship in server, cookie perform later interactions. so far good. what need know wich info have send server, can able identify users when log in seccond time. because need start session in server , send cookie android app farther interactions. i'm using php server side language. i thinking getting getaccesstoken() in android facebook sdk, pass server on business relationship creation , storing in android app. but can't manage how login users on sec time utilize app. any suggestions ? in advance ! to uniquely identify user within app, should create request /me , user's id. guaranteed unique , remain con
Read more

django - Access session in user model .save() -

django - Access session in user model .save() - is possible access current session in user model .save()? pseudo code of want achieve: # users.models.py def save(self, *args, **kwargs): created = true if self.pk: created = false super(abstractuser, self).save(*args, **kwargs) # post-save if created: look_for_invite_in_session_and_register_if_found(self, session) seems wrong in architecture. shouldn't access request in models layer. work request must done in view. can this: user, created = abstractuser.objects.get_or_create(name=name) if created: look_for_invite_in_session_and_register_if_found(user, request.session) django session
Read more

php - .htaccess Multiple Rewrite Rules / Prioritizing -

php - .htaccess Multiple Rewrite Rules / Prioritizing - here current htaccess file: rewriteengine on rewritecond %{http_host} !^www\.website\.com [nc] rewritecond %{http_host} ([^.]+)\.website\.com [nc] rewriterule ^(.*)$ http://www.website.com/gotourl.php?urlid=?%1 [l] rewriterule ^(\w+)$ ./gotourl.php?urlid=$1 [nc,l] rewriterule ^(\w+)/$ ./gotourl.php?urlid=$1 [nc,l] the website in question url shortener i'm working on testing/developing , personal use. above code may not ideal i'm not familiar .htaccess , made via googling , testing. want url shortening aspect: http://website.com/1234 -> http://website.com/gotourl.php?urlid=1234 http://website.com/1234/ -> http://website.com/gotourl.php?urlid=1234 the problem cannot figure out how ignore directories. want specific directories go specific pages: http://website.com/img (or) http://website.com/img/ -> http://website.com/img.php http://website.com/img/1234 (or) http://website.com/
Read more