Open iamzenigma opened 6 years ago
the solution to make a single PHP for a social network that grabs the feed hidng the token userid and so on is the way is more secure.
Here you can find a nice discussion about facebook + PHP
https://stackoverflow.com/questions/28124078/get-latest-facebook-posts-of-page-with-php-sdk
another script done is this one: https://gist.github.com/biojazzard/740551af0455c528f8a9
this process must be done with all feeds/social. Some need extra .php libs.
yeah, this plugin uses all tokens client side. you should NEVER do that, tokens are usually meant to be kept secret. also, you can implement some important caching server side, or you may hit api limits if you get many visitors.
Hey, I was wondering if anyone has ever considered putting the API requests in PHP on the server-side. Because the current approach leaves all of our social media keys wide open, as everything goes through Javascript.
I attempted storing the keys in PHP and calling it with AJAX from the client side, but this is just obscuring the codes and not actually securing the keys, as the API requests happen on the client-side.
Anyone has ever considered this and turned some of the code into php?
If anyone is interested, I'm willing to implement this, but I'm not sure if I have enough knowledge (in general + of the code) in order to make this possible.
Or perhaps there is an easier solution to make the keys inaccessible for other users?
Thanks in advance.