
AreWeConnected.com

Custom WordPress Websites that Rock!


Poisoning The Well

Facebook Pages · June 12, 2012


9/24/2018 UPDATE: Facebook is now SECURE as are most other Social Networks. Your website should be secure too.


While the title may suggest something else, I’m not using this as a rhetorical device. The general idea behind “Poisoning the Well” is that early on, something is introduced into the stream and it impacts everything downstream. This post is about Custom Facebook Page Apps. The key to this post is

What We Don’t Know

And yes, it can hurt us!
We don’t know who the people are that are viewing our Facebook Page.
We don’t know what computer they are using.
We don’t know what browser they are using.
We don’t know what security settings they have their browser set to.
And even if we did, we wouldn’t want to exclude them.

I build custom apps for business pages on Facebook.
More and more I see incorrectly built applications that just don’t work.
When I say they don’t work, I’m not talking about their effectiveness.

I mean they flat out don’t load.  Nadda, Zippo, Zilch!
Worse yet, the viewer’s browser may show an ominous popup that scares people away!

Here’s a screen shot from a site using my Mac and Firefox when I went to view a Custom Page App.

The same App in Chrome yields an even better response.

Just how many people do you think will choose the “Ignore the Risks” option?
Not many, right?  Realistically, how about ZERO?

My browser showed me that warning when I tried to view an App in Facebook yet the App had absolutely no malicious content inside it.  The only thing that App did was break the chain of security.  That’s all.

Security is a chain

Like millions of others, I choose to sign in to Facebook “securely”. No big deal other than the little s at the end of http.

That s means that for me, everything I view inside of Facebook will be rendered securely. In simple terms, everything lives on a server somewhere. Code can ‘call’ a picture, or text, or a snippet of other code from a server. The s part of https simply means that…

When you connect to a secure website, the server hosting that site presents your browser with something called a “certificate” to verify its identity. This certificate contains identity information, such as the address of the website, which is verified by a third party that your computer trusts. By checking that the address in the certificate matches the address of the website, it is possible to verify that you are securely communicating with the website you intended, and not a third party (such as an attacker on your network).

…says the warning from Chrome.

Here’s how my own Secure Server looks.

Your Facebook Apps could have a problem

The content within them now is all iframed.  That means the content lives on servers not owned by Facebook, servers that may or may not be secure.  That’s not a big issue as long as all the content, let me repeat that again for emphasis…
ALL THE CONTENT is coming from a secure server somewhere.

Here’s How You Screwed Up

Did you get one of those free apps that allow you to put stuff in a box to create a Page Tab?
Is the App itself hosted on a secure server?  Did you check?  It better be or your Tab is broken.
I see a lot of these right now.

Know a little HTML?  Did you write anything that looks like <img src="http:
Congrats!  You just broke your own app!

You could also have a script for a form, a video embed code for YouTube or many other possibilities.  The same could be said for even a Paid App.   If just one single thing, one very small little thing comes from a non secure server – you’ve broken the chain.  You’ve broken your App.
No, you can’t just stick an s to the end of every http – nice try!

The Right Way to do it

There’s a right way to do it and it’s really simple too.  Just make sure everything is sourced from a secure server.  Everything.  If you do that, the Tab you’re building will be fine for both non secure and secure browsers (like me).
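One way to check a Page Tab's markup before publishing, as an added example that is not code from the original post: a small Python scanner that lists every tag loading or posting to a plain `http://` URL. The sample markup and the `example.com` hosts are constructed for illustration, and each hit still needs a host that really serves that file over https before the URL is changed.

```python
from html.parser import HTMLParser

# Attributes that make the browser fetch from, or submit to, another URL.
# <a href> is left out on purpose: a link is navigation, not page content.
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "embed": ("src",), "source": ("src",), "audio": ("src",),
    "video": ("src", "poster"), "object": ("data",),
    "link": ("href",), "form": ("action",),
}

class InsecureRefFinder(HTMLParser):
    """Collects (line, tag, attribute, url) for each plain-http reference."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        values = dict(attrs)
        # Only stylesheet <link> tags are fetched and rendered as content.
        if tag == "link" and "stylesheet" not in (values.get("rel") or "").lower():
            return
        for name in FETCH_ATTRS.get(tag, ()):
            url = (values.get(name) or "").strip()
            # Relative and protocol-relative (//host/x) URLs inherit the
            # page's scheme, so only an explicit http:// breaks the chain.
            if url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, name, url))

def find_insecure_refs(html):
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample of a Page Tab's markup.
SAMPLE_TAB = """<div id="tab">
  <img src="https://cdn.example.com/logo.png">
  <img src="http://images.example.com/banner.jpg">
  <script src="//cdn.example.com/app.js"></script>
  <iframe src="http://video.example.com/embed/123"></iframe>
  <form action="http://forms.example.com/signup" method="post"></form>
  <a href="http://www.example.com/">Visit us</a>
</div>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_insecure_refs(SAMPLE_TAB):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```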

OR just HIRE ME

When Facebook announced that users would be able to sign in securely, I saw what was needed, and now every custom app I build resides on both a secure and non secure server so that no matter who views one of my Apps, no matter how they sign in, and no matter what browser they use – the App will work!

Mike Mueller
VP of Happiness at AreWeConnected.com
A former professional hand model, Mike builds Custom WordPress Websites that rock!


He's an avid hockey fan, rides a mountain bike, sometimes rides a road bike, has a few motorcycles (he had a really fast one, bought a cool orange one, rode a really slow one, and now,a perfect "BDR Weapon"). If that isn't enough, he makes cheese and sourdough bread, loves strong beer and good red wine, and poorly plays the Mandolin.
Filed Under: Facebook Pages Tagged With: Advertising campaign, Facebook, Facebook features, Facebook Page, Firefox, Google Chrome, HTTP Secure, Hypertext Transfer Protocol, Mike Mueller, Search engine optimization, Servers, Small business, social media, Transport Layer Security
