

Facebook Pushes Developers To OAuth 2.0 And HTTPS this time - ignifero
http://www.allfacebook.com/facebook-pushes-developers-to-oauth-2-0-and-https-2011-05

======
muppetman
Ethical questions of Facebook's data sharing policies aside, this can only be
a good thing for end-users, can't it?

I'd like to see them move to being SSL only accessible, or at least making it
the default and HTTP being the fallback for mobile devices and similar.

~~~
poordev
Initial cost should correlate negatively with independent developer
participation.

------
tomjen3
Where the hell do people pay 1000 dollars for a certificate? There are Comodo
resellers for ten bucks a year.

Granted they should be forced to deliver basic certificates for free as a
condition for having their root certificate included in browsers in the first
place, but until that happens this is still pretty close.

~~~
dspillett
They are free from <http://en.wikipedia.org/wiki/Startssl#StartSSL> - trusted
by most browsers you are likely to encounter using Facebook (the exception
being some users of IE6/7 under XP).

The cost issue is generally moot these days if you have a clue. There is an
administrative hassle (getting a cert, configuring your host, and renewing
each year), but not a financial one. There _might_ be an extra cost if your
app is delivered from a shared hosting environment for your app because you
will need a dedicated IPv4 address (as not all common browsers in the wild
support SNI yet which would remove that need), and an administrative cost if
you need to move host because you are on a very cheap provider that won't
support SSL at all.

