javascript - Enforcing Facebook Authentication: Client-side and server-side -

I am preparing a social media app in Flash (AS3) which is tightly integrated with Facebook - all users Accounts are handled via Facebook Connect, and all Facebook Connectivity and API is handled through a combination. I am using backend for server-side data management, which includes tracking user actions and data on the site, which is from Flash to URLRequests

My problem is that I know How to prevent duplicate server requests from Flash; In theory, malicious users can call for Flash on my server and reproduce them in a manner that includes (for example) garbage data and with the Facebook user ID given in my database All authentication is being done on the client side (via the Facebook JS API) without having any interference on the server, so let me find out Skil is how to secure the flash and secure calls between servers in a manner that the user must authenticate with Facebook to make them.

One possibility that I understand is that the client is using the encryption scheme known to the client and server to pass the UID forward and behind, which would definitely be better for them to pass in clear . However, with an adequate time / patience to break this plan, an entrepreneur will take the hacker (or to scing the SCF) to screw everything.

Still, I can finish it, but this is an important point and I'm not really sure about the best approach. Any feedback will be highly appreciated!

This is a legitimate concern because you are violating the encryption can not help this station because a malicious The customer will be able to get any secret.

The best way to verify the client is to send the flash app back to the server. The server will need to connect back to Facebook as if the server can confirm that the client has a valid session with Facebook, it should be done once the login is done, and then you can access the data store for that user. You can issue a session ID (cookie) on the Flash app to reach.