Email from Facebook, what to do...?

I received this automatic message from Facebook. What kind of action do I have to take?

Please help.. site url: www.b2bcontact.nl

-------------------------------
Dear Developer of ...,

Our automated systems have detected that you may be inadvertently allowing authentication data to be passed to 3rd parties. Allowing user ids and access tokens to be passed to 3rd parties, even inadvertently, could allow these 3rd parties to access the data the user made available to your site. This violates our policies and undermines user trust in your site and Facebook Platform.

In every case that we have examined, this information is passed via the HTTP Referer Header by the user's browser. This can happen when using our legacy authentication system and including ,  or  content from 3rd parties in the page that receives authentication data from Facebook. Our legacy mechanism passes authentication information in the URL query string which, if handled incorrectly, can be passed to 3rd parties by the browser. Our current OAuth 2.0 authentication system, released over a year ago, passes this information in the URL fragment, which is not passed to 3rd parties by the browser.

Please ensure that you are not allowing this data to be passed immediately. Accessing your site as a test user while running a HTTP proxy/monitor like Charles or Fiddler is the best way to determine if you are allowing this information to be passed. If you discover the issue, you can do one of two things:

1. Migrate your site to use our OAuth 2.0 authentication system. We are requiring all apps and sites to update to this mechanism by Sept. 1, 2011. Migrating now will address this issue and ensure that you are one of the first to meet the deadline. For more details, please see our Authentication Guide.

2. Create and use an interstitial page to remove the authentication data before redirecting to your page with 3rd party content. This approach is used by many of our largest developers today (although they are all migrating to OAuth 2.0 shortly). This is a simple and straightforward change that should have minimal impact on your site. For more details on this approach, see our Legacy Connect Auth doc.

Because of the importance of ensuring user trust and privacy, we are asking you to complete one of the above steps in the next 48 hours. If you fail to do so, your site may be subject to one of the enforcement actions outlined in our policies.

If you have any questions or believe you have received this message in error, please contact us.

Facebook Developer Relations

fb_535167096
Peter
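As an added example (not part of the original post or of Facebook's email): a check over requests exported from a proxy such as Charles or Fiddler that flags third-party requests whose Referer carries authentication parameters, together with the URL an interstitial page would redirect to. The parameter names, hosts and capture entries are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs, parse_qsl, urlencode

# Assumed names of query parameters carrying auth data; adjust to your app.
SENSITIVE_PARAMS = {"access_token", "session", "uid"}

def referer_sent_for(page_url):
    """Referer a browser may send for a page's subresources: fragment removed."""
    return urlsplit(page_url)._replace(fragment="").geturl()

def is_first_party(host, site):
    return host == site or host.endswith("." + site)

def find_leaks(capture, site):
    """Return (third-party host, leaked parameter names) for each offending request."""
    leaks = []
    for req in capture:
        host = urlsplit(req["url"]).hostname or ""
        if is_first_party(host, site):
            continue
        headers = {k.lower(): v for k, v in req["headers"].items()}
        query = urlsplit(headers.get("referer", "")).query
        hit = sorted(SENSITIVE_PARAMS.intersection(parse_qs(query, keep_blank_values=True)))
        if hit:
            leaks.append((host, hit))
    return leaks

def interstitial_target(landing_url):
    """URL an interstitial page would redirect to: same page, auth parameters removed."""
    parts = urlsplit(landing_url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in SENSITIVE_PARAMS]
    return parts._replace(query=urlencode(kept)).geturl()

# Constructed sample data (not from a real capture).
LEGACY_LANDING = "https://site.example/index.php?view=home&session=CONSTRUCTED&uid=1000"
OAUTH2_LANDING = "https://site.example/index.php#access_token=CONSTRUCTED"
CAPTURE = [
    {"url": "https://site.example/style.css", "headers": {"Referer": LEGACY_LANDING}},
    {"url": "https://cdn.thirdparty.example/widget.js", "headers": {"referer": LEGACY_LANDING}},
    {"url": "https://cdn.thirdparty.example/widget.js",
     "headers": {"Referer": referer_sent_for(OAUTH2_LANDING)}},
]

if __name__ == "__main__":
    for host, params in find_leaks(CAPTURE, "site.example"):
        print(f"LEAK to {host}: Referer carries {', '.join(params)}")
    print("interstitial redirects to:", interstitial_target(LEGACY_LANDING))
```

Only the request made from the legacy landing page is flagged; the same third-party request made from the OAuth 2.0 landing page carries no authentication data because the fragment never reaches the Referer header.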

Re: Email from Facebook, what to do...?

There was nothing attached to your message. Please try to attach, or paste it into the thread, again.

Thanks!


alzander
Alex
Support Specialist

Re: Email from Facebook, what to do...?

I pasted it in the topic above. Thanks.

fb_535167096
Peter

Re: Email from Facebook, what to do...?

Peter,
There's another thread about this posted below. We'd recommend checking that out for the play-by-play of what's going on and what we know. In short, we think the email was erroneously sent to some of our users.

Forum post:
http://www.sourcecoast.com/forums

We've also created a blog post with more details of what the issue is, what we've tested, and what you can do to help:
http://www.sourcecoast.com/blog/extensi … g-to-oauth

Finally, if you have the time to take a quick survey about your configuration settings, that will greatly help us to narrow down the additional testing we're performing right now to see if there's anything we've missed:
https://spreadsheets.google.com/gform?h … amp;hl=en#

Thanks,
Alex


alzander
Alex
Support Specialist