Thursday, 1 September 2011

What do Facebook and Spring Day have in common?




Facebook changed over to the new OAuth 2.0 protocol today and have given us just one more month to ensure that we change all our apps and fan pages from HTTP to HTTPS.
What difference will this make for a general user? And what does this mean for us as developers? How will this change how we develop for Facebook?
The major benefit for the end user will be secure browsing. Currently if you have turned on secure browsing in your settings if you navigate to a fan page which wasn’t secure Facebook would prompt you with the following.
If you click continue your entire session will be conducted under a regular HTTP session and will no longer be browsing securely. Not just on that page but wherever you go on Facebook. Closing your browser doesn’t help (if you are like me and stay logged in). The next time you open Facebook you will still be browsing un-securely.
Previously, the only way to browse securely again was by going into your account settings and changing your settings again. Now, by logging out and logging back in, it will restore the secure browsing settings in your browser. Once the change to HTTPS hits on the 1st of October you will no longer have to worry about this issue. All browsing on Facebook will be available through secure HTTPS connections.
As far as development goes: Developers won’t actually have to change anything about the way they develop for Facebook. The Facebook Graph Toolkit is already using OAuth 2.0 to authorize its users, as well as using the signed_request parameter (a parameter used by Facebook to pass information to iFrame applications).
Unfortunately anyone who wants to create an application in a Facebook fan page now has to acquire a SSL certificate for their domain in order to host their application. This will increase the cost of your hosting as well as possibly causing some (slight) performance (speed) issues.
All in all, in my humble opinion, I believe this to be a very positive change for Facebook; cutting down quite dramatically on the number of users who get their accounts hacked and making Facebook more secure in general.
And what does any of this have to do with Spring Day? Well, nothing really, but in honour of Spring Day we had our very own Squirrel (SQUIRREL!!) create an awesome Spring Day background for your PC. Download your own Firewater Interactive background and feel the awesome!

3 comments:

Francois said...

Personally, I enable HTTPS wherever I find the option to do so. Online security isn't a new thing, and it's something that all internet users should have a basic knowledge of.

I won't sympathize if your account got hacked - I am going to laugh. In the end, it's the only way to really learn to be more cautious.

If you use the internet on a daily basis, I expect you to know not to do stupid things - things like installing silly browser toolbars and the like. Not being an IT expert isn't an excuse - you use the tool, apply some common sense, dammit.

Also, as an IT Expert, I feel it is your responsibility to inform those who aren't as knowledgeable.

At the end, online security is becoming a part of our daily lives and everyone should try and obtain a working knowledge of the basics.

Cool post though, thanks!

JoburgBlogger said...

I 100% agree with you. Today with the access everyone has to information I have very little sympathy for the average user who is too lazy to learn how to protect their information.

However a lot of Facebook users are NOT average users. This change will protect those who DON'T know better. And as you said, it's our duty as IT professionals (I wouldn't call myself an expert by any stretch of the imagination) to inform those and protect those who aren't as knowledgeable.

This FB change just makes it easier for me to ensure that my father or 11 year old niece have better protection on their account without me having to change their settings all the time.

Viv Gold said...

I agree. Adding more features for security of the users is an absolute must. This must be a core focus for all online companies in my opinion.

gold coast web design