Miron's Weblog

OpenSocial insecurity – no user to app authentication

Posted on November 3rd, 2007 by miron

I was pretty excited to hear about Google trying to set a standard for social network applications. I wasn’t so happy to notice a serious omission in the way security is handled.

Executive Summary: no user authentication! Any user can forge anybody else’s identity when interacting with any OpenSocial application. As it currently stands, it is not possible to write secure social applications on the platform.

[Read more →]

Tags: Social Networks // 12 Comments »

Recent Posts
Recent Comments
- Tiago Marques on Moving your Android Contact List to a New Phone
- Stephan on Fixing up your Android OTA file
- dukzcry on BuddyNS
- SarK0Y on Brain Emulation by 2030
- SarK0Y on Brain Emulation by 2030
Archives
- April 2020 (1)
- December 2012 (1)
- May 2012 (1)
- August 2011 (1)
- January 2011 (1)
- December 2010 (2)
- November 2010 (1)
- August 2010 (4)
- July 2010 (2)
- May 2010 (3)
- March 2010 (2)
- February 2010 (3)
- January 2010 (3)
- December 2009 (3)
- April 2009 (4)
- March 2009 (1)
- January 2009 (3)
- December 2008 (3)
- November 2008 (1)
- October 2008 (2)
- December 2007 (1)
- November 2007 (2)
- September 2007 (4)
- August 2007 (1)
- July 2007 (2)
- April 2007 (4)
- March 2007 (5)
- February 2007 (2)
- November 2006 (1)
- October 2006 (1)
- September 2006 (1)
- August 2006 (5)
- July 2006 (3)
- June 2006 (2)
- May 2006 (3)
- January 2006 (1)
- December 2005 (2)
- November 2005 (4)
- August 2004 (1)
- July 2004 (1)
- June 2004 (1)
Meta

RSS Syndication

Categories
- Android (1)
- Future (44)
  - Brain (6)
  - Nanotech (13)
  - Singularity (15)
- General (17)
  - FillZ (1)
- Physics & Philosophy (5)
- Politics (5)
- The New Web (30)
  - Reputations (6)
  - Secure Software (2)
  - Social Networks (21)
linkroll

Fast Forward

OpenSocial insecurity – no user to app authentication

Recent Posts

Recent Comments

Archives

Meta

Categories

linkroll