Some time ago I had the good fortune to work with some developers on a Facebook application that was underperforming. Through a very robust investigation of the application, it was discovered that a large number of invalid requests were being passed to the server. It was the victim of a Distributed Denial of Service attack utilizing the Facebook platform and a popular application to bring down the application.
What Can a Developer Do?
Before instantiating ANY code, check your signatures! There are a number of ways to do this, but for starters, check the $_REQUEST['fb_sig_app_id'] and be sure it’s yours!
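One way to do that check at the very top of the entry script, as an added example rather than code from the original article. It assumes the legacy Facebook Platform fb_sig scheme (MD5 over the sorted fb_sig_* parameters plus the app secret); the app ID, secret, function names and sample request are constructed placeholders.

```php
<?php
// Added example. Constructed placeholder credentials: use your app's own values.
const MY_APP_ID     = '123456789';
const MY_APP_SECRET = 'constructed-secret-for-demo';

// Assumed legacy scheme: sort the prefix-stripped parameters by key,
// concatenate "key=value" with no separator, append the secret, then MD5.
function fb_expected_sig(array $fbParams, string $secret): string
{
    ksort($fbParams);
    $base = '';
    foreach ($fbParams as $k => $v) {
        $base .= $k . '=' . $v;
    }
    return md5($base . $secret);
}

function fb_request_is_ours(array $request, string $appId, string $secret): bool
{
    // Cheapest test first: a request naming another app is dropped at once.
    $claimed = $request['fb_sig_app_id'] ?? null;
    if (!is_string($claimed) || !hash_equals($appId, $claimed)) {
        return false;
    }
    $sig = $request['fb_sig'] ?? null;
    if (!is_string($sig)) {
        return false;
    }
    // Collect fb_sig_* parameters with the prefix stripped.
    $fbParams = [];
    foreach ($request as $k => $v) {
        if (is_string($v) && strncmp((string)$k, 'fb_sig_', 7) === 0) {
            $fbParams[substr((string)$k, 7)] = $v;
        }
    }
    // Constant-time comparison of the recomputed and supplied signatures.
    return hash_equals(fb_expected_sig($fbParams, $secret), $sig);
}

// Constructed sample requests: one for our app, one replayed from another app.
$p = ['app_id' => MY_APP_ID, 'time' => '1262304000.1', 'user' => '42'];
$ours = ['fb_sig' => fb_expected_sig($p, MY_APP_SECRET), 'fb_sig_app_id' => $p['app_id'],
         'fb_sig_time' => $p['time'], 'fb_sig_user' => $p['user']];
$foreign = ['fb_sig_app_id' => '987654321'] + $ours;

var_dump(fb_request_is_ours($ours, MY_APP_ID, MY_APP_SECRET));    // bool(true)
var_dump(fb_request_is_ours($foreign, MY_APP_ID, MY_APP_SECRET)); // bool(false)
// In the real entry point, before loading anything else:
// if (!fb_request_is_ours($_REQUEST, MY_APP_ID, MY_APP_SECRET)) { http_response_code(403); exit; }
```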
Spot check…