kdmurray.blog

The crossroads of life and tech

Tag Archives: facebook

Leaking Tokens: Time to Change Your Facebook Password

I don’t do this kind of thing lightly, but it might be a good idea to post this on your wall:

  • Facebook found a problem in the way that it was authenticating applications.
  • Any time you used an application a token was created that would allow the application to do it’s thing — including posting on your wall, accessing photos or whatever other permissions it requested.
  • The tokens did not expire and were being “leaked” through normal operation on Facebook.
  • Anyone who found a token would be able to use it to do the same things that you allowed the application to do — including posting on your wall, accessing photos or whatever other permissions it requested.

It is important to note that Facebook has said there is no evidence that this has been exploited — yet.

The problem has now been fixed, but all the old tokens could still be usable until September 2011. You can re-secure your account by simply changing your Facebook password. This will invalidate any of the existing tokens.

Information Week has an article with more detail.

Multiple RSS Feeds with DualFeeds

rssI’m a huge fan of bloggers (and podcasters and well… everyone else for that matter) using full feeds for subscribers to their sites.  I’ve got no time for people who demand that I hit their website to be able to read the content.  If you want to monetize the feed that’s fine, but let me read it where I want.

That said, I was contemplating this evening whether it would be possible to offer both full and summary feeds from kdmurray.net.  The reason? I wanted to start pushing partial posts to Facebook with a minimum of fuss.

The problem? WordPress only supports one post feed out of the box.

The solution?  Stephen Cronin‘s DualFeeds plugin (which I found thanks to @bluefur on Twitter).  The plugin allows you to create multiple feeds one for full-posts, and a second for post summaries.  This is a very elegant solution to the problem.  Though I wanted to add the stuff into Facebook, I didn’t want to push whole posts because I did want to try and use this to drive some traffic to the site.

Technically the plugin works very well.  I was able to set it up in just a couple of minutes and after about 15 minutes of testing have found that it plays nice with FeedBurner’s FeedSmith plugin, as well as my other feed-related plugin FeedEntryHeader — the latter as it turns out was also written by Stephen Cronin.

If you’ve ever wanted to be able to offer multiple feeds from your site, have a look at DualFeeds.  Works like a charm.