|
|
|
|
|
|
by EGreg
5642 days ago
|
|
|
I am not talking about interacting with their API. Facebook returns a uid.
When the user takes an action, this uid is sent to the server.
The server trusts the uid, and saves this action as taken by the user identified by this uid. And let's say it's not the uid. Let's say it's the user's name. It trusts the user input basically. But it should probably be getting it directly from facebook, or in a signed structure, right? |
|
|