Is Facebook Client-Side Flow Authentication Secure?
Yes, I would imagine this could be a security issue; not with your application, but with Facebook itself. Even if you were to encrypt your key, there would need to be a method through which the application decrypts the key (for example, the key would have to be stored somewhere in the application). Another issue, assuming the encryption was perfect and unbreakable, someone could still: a) Extract your access token from RAM while it is in transit b) Possibly use a SSL interceptor program to create a fakesigned certificate, and decrypt the access token.
However; what is the likelihood of someone actually doing that? Why would they WANT to do that?
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.
Related Questions
Mixing client-side authentication with server-side authentication?
Enforcing Facebook Authentication: Client-side and server-side?
WCF: Client-side Mutual Certificate Authentication Problem (Could not establish secure channel for SSL/TLS with authority)?
When a page delivers secure and non-secure items over https, are the secure items compromised?
Facebook Client-Side Authentication Example - Adding Scope?
Sharepoint web services — The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM?