分享Facebook API ID和密钥是否安全？ [英] Is it safe to share Facebook API id and secret key?

问题描述

我正在开发一种基于Web的应用程序，与Facebook进行通信。其中一个文件包含Facebook API id和密钥。与世界其他地区分享这些信息是否正常？

解决方案

非常重要的是，您永远不会分享您的应用程式秘密。你的应用程序ID是完全不重要的，任何人谁可以访问您的Facebook应用程序个人资料页面，但应用程序的秘密是一个完全不同的故事。它可能会损害您应用程序中存储的任何数据，并允许第三方在不知情的情况下代您调用特定API。这对您和您的用户来说是不利的。

如果您不小心分享了您的应用程式密码（这可能会在嵌入客户端二进制代码或代码时发生），那么您可以重置它很快通过Facebook开发人员应用程序： https://developers.facebook.com/apps goto设置 - >编辑，然后单击重置应用程序秘密旁边。这将使以前由您的应用程序授予的任何访问令牌无效。

I am working on an open source web-based application that communicates with Facebook. One of the files contains the Facebook API id and secret key. Is it fine to share this information with the rest of the world?

解决方案

It is extremely important that you never share your app secret. Your app ID is completely unimportant and available to anyone who goes to your Facebook apps profile page, but the app secret is a completely different story. It could compromise any data stored within your application and allow third parties to call specific APIs on your behalf without your knowledge. This is bad for you and for your users.

If you have accidentally shared your app secret (this can happen when it's embedded in client binaries or code) then you can reset it really quickly through the Facebook developer app: https://developers.facebook.com/apps goto Settings -> Edit and then click reset beside the app secret. This will have the effect of invalidating any access tokens that have been previously been granted by your app.

这篇关于分享Facebook API ID和密钥是否安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！