Print 8 comment(s) - last by Polynikes.. on Aug 14 at 2:00 PM

Facebook officials say it's happened before

For an application developer, having your source code leaked can be a very dire thing. For popular online social network Facebook, part of its application source code was leaked, revealing some details into the how Facebook operates. Posted on a single blog site entitled Facebook Secrets, the source code that leaked appeared to be of the main user interface, and not of any deep mechanics of the website.

The source leak might reveal security holes of the social network. While it is fairly certain there have been attempts to hack Facebook, no one has successfully done so. Despite the leak, Facebook officials say the source code published was only a very small portion of the entire Facebook application and no details other than code responsible for homepage presentation was leaked.

“A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way. Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook," said Brandee Barker, public relations chief, Facebook.

Without a doubt, the leak will create a lot of activity for Facebook in terms of watching out for security. According to Barker, a small but known problem in apache and the mod_php module will output back-end source code to the end user instead of the appropriate output code. Barker indicated this problem occurred previously but source code was never published until now.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

I've seen the code, you can too
By nerdtalker on 8/13/2007 11:43:18 PM , Rating: 2
Here it is:

Overall, the facebook PR person is right; there's very little here to tell you really what's going on. Other than giving you some basic idea of their directory structure, naming conventions, and what calls they're making on the home page, there's nothing overly-dramatic one can use to craft an exploit.

Granted, any information is something you could go off of.

Honestly, I think they've got very well-written PHP right there, very nicely organized. One thing's for sure, it's gotta be better than what MySpace's code would look like spilled all over the net.

RE: I've seen the code, you can too
By hadifa on 8/14/2007 12:56:43 AM , Rating: 2
Security is a big a concern in Facebook and similar networking websites were they are holding a lot of personal details.

RE: I've seen the code, you can too
By MGSsancho on 8/14/2007 4:07:10 AM , Rating: 2
Myspace is unique. It runs on .Net C#, some parts are C++, and about 30% cold fusion. dont ask me why, thats from their architecture power point presentation. I think the leaked code from facebook is just the code for the front end. nothing that represents the back. the back is the holy grail

By SandmanWN on 8/14/2007 10:05:22 AM , Rating: 1
Well not exactly unique. Ive been running this ratio in about all the coding I've done for about the past 5 years. I helped design some coding for one of the largest ebay sellers in the world and they also used a similar ratio in their design. ColdFusion (one word btw) is a really powerful tool and plays nice with all sorts of other coding like .NET, PHP, etc. Probably due to its heavy base influence from Java. Now that Adobe has purchased CF through the Macromedia acquisition it has received some overhauls that are making CF almost too versatile to ignore. Sounds like a sales pitch but it has really has been so easy to learn and implement.

By leidegre on 8/14/2007 6:21:12 AM , Rating: 3
That's just a preprocessor directive which never got processed, the real PHP code is the modules behind it all, and it’s never sent. The only reason why this showed is because when PHP things tend to go wrong, it just won't process. It's similar how both ASP classic and ASP.NET runtimes do the exact same thing when the preprocessing fails.

"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Laptop or Tablet - Which Do You Prefer?
September 20, 2016, 6:32 AM
Update: Samsung Exchange Program Now in Progress
September 20, 2016, 5:30 AM
Smartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki