As announced Friday, Facebook has completed the transition to the new version of the Developer App utility used to register applications for use within Facebook. Aside from making a few more navigational user interface changes, the new version now warns developers that as of October 1 they must provide a secure Web address as the source for their applications, including content to be displayed on a Facebook page tab. The deadline had been previously announced in May, at around the same time Symantec exposed a series of security flaws in the Facebook platform. The platform roadmap also includes a September 1 deadline for applications to transition to the OAuth 2.0 standard for better authentication with Facebook.
By moving to encrypted connections, Facebook hopes to prevent a class of user account hacks based on intercepting the Web cookie files used to identify users after they have logged in. Browsing Facebook in this secure mode is a user configuration option today, but Facebook is talking about making it the standard.
The issue for apps is that if the base Facebook page is being viewed over an https connection, the embedded content also needs to be available in the same mode for the sake of security and consistency. For the past several months, the Facebook app infrastructure has been in a transitional phase where developers were encouraged to register a secure Web address for their apps but not required to do so. Users browsing the website in https mode would be given the option of switching to an unencrypted connection to view an app or tab for which no secure content was available.
Making https connections mandatory is a natural next step, although it may be a stumbling block for some smalltime players who started creating custom Facebook tab content when it was easier. Although obtaining the security certificate required for an https connection is relatively inexpensive, it does require that the domain be associated with a dedicated IP address--a hurdle for small business websites that share a server with other domains.
See the latest IT solutions at Interop New York. Learn to leverage business technology innovations--including cloud, virtualization, security, mobility, and data center advances--that cut costs, increase productivity, and drive business value. Save 25% on Flex and Conference Passes or get a Free Expo Pass with code CPFHNY25. It happens in New York City, Oct. 3-7, 2011. Register now.