使用Facebook登录MySQL DB和iOS的安全性
I currently have my iOS app hooked up to facebooks API to log users into my app. I don't give users any other way to login, so they do not have local passwords on my database now. The app currently posts the facebook user_id to my server and if it is in the DB, it completes the login, if not, it redirects the user to register. Obviously, this is a pretty lousy way to do it, as anyone can just submit the user id if they know it (it's public info) and log in to my app as someone else. I do have if statements in my PHP to make sure the user is actually in the table before posting.
My question is how can I make the login process secure so people can't just submit a user id and gain access? I've read the facebook API, but I'm not very familiar with programming and would appreciate the help. I know facebook must have something for this purpose, I either overlooked it because I don't understand it or missed it entirely.
Thanks in advance!
我目前将我的iOS应用程序连接到facebooks API,将用户登录到我的应用程序。 我没有给用户任何其他方式登录,因此他们现在没有我的数据库上的本地密码。 该应用程序当前将facebook user_id发布到我的服务器,如果它在数据库中,则完成登录,如果没有,则重定向用户进行注册。 显然,这是一个非常糟糕的方式,因为任何人都可以提交用户ID,如果他们知道它(它是公共信息)并以其他人身份登录我的应用程序。 我在PHP中有if语句,以确保用户在发布之前确实在表中。 p>
我的问题是如何使登录过程安全,以便人们不能只提交 用户ID并获得访问权限? 我已经阅读了facebook API,但我对编程不是很熟悉,也很感激帮助。 我知道facebook必须有一些东西用于此目的,我要么忽略了它,因为我不理解它或完全错过它。 p>
提前致谢! p> div >
Access the Token and Save it on your Database. Instead of saving UserID.
Tokens are given only when a user grants access to a Application, Similar to what you see on a regular Website that has Facebook Login Access.
More Documentation here: Official Fb iOS SDK https://developers.facebook.com/docs/reference/ios/current/class/FBAccessTokenData/