There's 2 types of security you should be aware of regarding JFBConnect:
1) The extension itself - This is the same as with any Joomla extension, but you want one that hopefully doesn't have any exposed vulnerabilities which allow a malicious person to alter your database or the content of the site itself. There's plenty of other things an extension can do poorly to leave you unprotected, but that's a big one. Regardless, we've always been proactive in the security and coding of our extension to make sure it's as safe as can be. Additionally, JFBConnect (or any of our extensions) are not currently, or have ever, been listed on the Joomla VEL (Vulnerable Extension List), which we recommend you check periodically for extensions you have installed or plan to install:
docs.joomla.org/Vulnerable_Extensions_List
2) Facebook Connect itself - Facebook uses the OAuth 2.0 protocol. Regardless of what that is, it boils down to the fact that we (JFBConnect) or even a hacker who has compromised your site, can see a user's password. Basically, a user provides their credentials to Facebook (through the login pop-up) and then Facebook hands us a special 'key' for that user to use while they're on your site. This key wouldn't let a user hack the account in anyway, and is pretty useless outside of your site.
In short, Facebook doesn't trust 'us' either.. which is a good thing. I don't want to be responsible if a FB account is hacked
Hope this answers your question. Facebook Connect (and JFBConnect) are a secure solutions to add to your site, but obviously, it's always best to be as cautious as possible and stay up-to-date with releases with all extensions on your site.
Thank, and let us know if you're curious about anything else!
Security Question
