After checking around, this seems accurate.

That bitchy queen Zukerberg, needs to sit down, and fix his code! the whole thing is a MESS!

This is why you don't use the addons on places like that unless you can 'trust' them. Do you really need those 8 versions of "How hot am I" "Rate your freinds" "Add this application or a puppy dies"?

I'd say treat the applications you put on there as you'd treat giving out contact details, but we all know how well that usually goes.

One nice little hole that I've wondered about is the fact that the applications gain access to your information when you add them, a nice box saying:

"Know who I am and access my information"

Unticking this gives you:

"Granting access to information is required to add applications. If you are not willing to grant access to your information, do not add this application."

Why is the option there then?

http://developers.facebook.com/user_terms.php - Platform Application Terms of Use . I love section 2b. A Data Miner's wet Dream?

Bitch?

I chose Paris because she'd say "That's not hot, bitch!"

Its written in PHP and MySQL, hardly known for secure applications or scalability. Its a power keg waiting for crap developers.

...use FaceBook??

Why bother! It is probably much easier to stand on a street corner (or Hyde Park) and shout "LOOK AT ME".

Right and besides Hyde Park is a lovely park, one of my favorite places in April but unfortunately not able to visit it often, FaceBook - no flowers, no spring rain, definitely no entertaining and funny people, no pub's near, .. Yes, if I have something to say, I will go to Hyde Park. Try it, you will love it! Next time I'm in London, hopefully in April, see you there and not in Internet. Besides, it's totally safe except of course from some, very good British humor, the comments are way better than what you see in Internet!

"Its written in PHP and MySQL, hardly known for secure applications or scalability"

I disagree... PHP and MySQL can be perfectly secure and scalable; it just depends on the talents of the programmer. I've seen loads of times when someone has used a module or application from a third party without properly checking it and thus exposing gaping security holes...

I'm not saying that what I write is perfect, but a company I used to work for thought that putting the admin pages in /admin/ without any password checking was OK ("it's not linked-to so no-one will know it's there")... they worked in ASP.

What you're saying is akin to "this book is rubbish because it was written on a mac"... it may be true that it was written on a mac, but it's the (lack of) talent of the author that you should be criticising!

"Its written in PHP and MySQL, hardly known for secure applications or scalability. Its a power keg waiting for crap developers."

Yeah, because ASP applications are 100% secure...

I assert that this coat is mine.

Riiiiiight, because there arent crap developers in other languages/DB's..

"security by assertion" is a long standing tradition of clueless coders, who write 95% of software out there. I was tempted to cite an example from Microsoft's own MFC library (probably the most popular library ever used by Windows programmers), but resisted. There are just too many assertions that make no sense.

Far too high level: try a bit lower

Failure to parse for script is on a par with not handling

OR '' = ''