WARNING – Off Site Access to a Social Media Account (Plugin: Srizon Social Album)

  • SoCalCreations

    (@socalcreations)


    LOVE the idea of this plugin, however the way the author has it set up is for you to go to HIS SITE to access your Facebook Security tokens. That is a security risk. This would be a much better solution if the app had the ability to make direct connections to Facebook. To leave either your platform or Facebook platform creates the opportunity for the “man in the middle” to hijack your social media account. I warn anyone in using this application.

Viewing 1 replies (of 1 total)
  • Plugin Author afzal_du

    (@afzal_du)

    Hi,
    Your concern is legit. If I keep a copy of the generated tokens I can pull all your albums. However, I don’t keep a copy. But users need to trust me on this.

    This plugin was published about 7 years ago. This new system of off-site token generation is new (introduced about 6 months ago). Here are the reasons:

    After the Cambridge Analytica scandal, Facebook put some restrictions in place:
    1. Your app login needs to originate from and redirect back to an https (secure) site … not all the users of my plugin have an https site
    2. Your app needs to have a few regular active users. So if you create your own app for your site and people don’t log in and use it regularly, Facebook will refuse to honor the API calls (already happened)
    Also, the app setup on FB has some caveats. Most users don’t want to go through that process

    For these reasons it was the only viable way to keep it functional and usable for everyone. I’m not sure if some other plugin developer found a better way to cope with this. So you have 2 options: 1. Trust my claim that I’m not storing the tokens 2. Look for another plugin that does it in another way
