• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Using Social Programming platform for identification and authentication

 
Ranch Hand
Posts: 106
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Mark, this will be my final question to you ,

what are the advantages and disadvantages of using various social platforms for user identification and authentication in my own web application?

like if i completely rely on such platforms to perform user authentication for me, what am I gaining or loosing here?

and how safe are these platforms against xss attacks against my web applications?
 
Author
Posts: 31
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rohan kanade wrote:Mark, this will be my final question to you


That's OK, ask away! That's what I'm here for.

Rohan kanade wrote:what are the advantages and disadvantages of using various social platforms for user identification and authentication in my own web application?


A good question. Once obvious advantage is that you don't need to handle storing usernames/passwords within your database/file store. For users they don't have to create another username/password combination that they have to remember to use your site! The added value of these social platforms is that they can also be used to share updates with friends as users can "re-create" their social graph (connections) on your own site. For example, users may already have an extensive friends list on Facebook which they can "port" to your site and find their Facebook friends who are also using your application. The main disadvantage is if a platform goes out of business! But also, more technically-focused, that you will have to keep up-to-date as platforms do tend to add/remove features almost weekly. As users have already created rich user profiles on other popular web sites you can then use this data to customise and personalise it to your users. For example, age-specific or country-specific sites.

Rohan kanade wrote:like if i completely rely on such platforms to perform user authentication for me, what am I gaining or loosing here?


I would suggest coupling these authentication mechanisms with your own user identifiers if you can. As you say, you could lose out if a platform goes bust! However, you could always ask for a user's e-mail address and prompt them to re-register should that happen. Facebook does have a number of methods of alerting you should a user de-activate their account which will enable them to re-register on your site.

Rohan kanade wrote:and how safe are these platforms against xss attacks against my web applications?


All of these platforms do provide robust methods which filter out such attacks. I would recommend also using a web application framework for additional security. In the book I use CodeIgniter but there are many others such as Django that can be used. The official libraries do do a lot of verification behind-the-scenes but I'd always recommend checking inputs/outputs for such exploits as you mention.

I hope that helps?
 
Rohan kanade
Ranch Hand
Posts: 106
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thank you Mark, these were the only questions in my mind, hopefully we will get our project started now.
 
Mark Hawker
Author
Posts: 31
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rohan kanade wrote:thank you Mark, these were the only questions in my mind, hopefully we will get our project started now.


No problem at all. I think the best way to supplement my answers would be to do on a small-scale. Play around with the various platforms and see which takes your fancy. As mentioned in another thread, the book does go through a walkthrough of implementing a microblog using Twitter, Facebook and Google with room for improvements and extensions!
 
Ranch Hand
Posts: 608
Firefox Browser Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As a user I can tell -- just the idea of easy authentication to a site without going through filling a sign up form is lure enough to try out sites. I guess I wouldn't mind registering on the site once I figure out its good for me -

 
Mark Hawker
Author
Posts: 31
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, that's right Sam. You can also easily revoke access to the sites easily and conveniently which is a bonus!
 
I've been selected to go to the moon! All thanks to this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic