HighLine Firearms
J&B Firearm Sales
Sporting Systems
Southwest Firearms
Low Price Guns
Defensive Arts
Oregon Rifleworks
Gun Deals
Buster Beaver Cerakote
Advertise on Northwest Firearms
Simply Triggers
Our login integration with Facebook is currently disabled pending their review of our integration.

I know a lot of you use it, and I apologize for the inconvenience. I'm waiting to hear back from them for clarification on exactly what they're asking for.

As part of their integration requirements they periodically review each integration. From their email:

Your app Northwest Firearms doesn't fully comply with our Platform Policies. Since we're striving to improve the Platform experience, your app has been deactivated.

Your app is violating Platform Terms 7.a-d: To view this policy in entirety, visit the "Compliance Review Rights and Suspension and Termination of these Terms" section of our Platform Policies at https://developers.facebook.com/terms. This policy includes information on app review, regular monitoring, auditing rights, and certifications.

To bring your app into compliance, provide the following in your appeal:

1. Detailed instructions describing how we can access your platform to test and review. Once we are able to access your platform, the experience we test in your app should accurately reflect the experience a user has in your app.
2. Valid credentials for us to login to your app and test/review its functionality and its use of any Facebook API integration. These credentials should be valid indefinitely to allow for future review of your app.
If this means us allowing them to create a normal user account here to see how the integration works, I'm OK with that.

If, as suggested in section 7.C of their terms linked in the quote above, they are asking for any additional access (servers, backend, email, etc.) we will be disabling the integration completely.

We've kept it enabled because a lot of people use it, but there is no way they're getting access to your user data.

We don't give or sell your data to anyone, period.
 

bbbass

Messages
14,368
Reactions
31,046
I'd be willing to bet that Zucker sucker doesn't want any PRO FIREARMS forums to be associated with Facebook.

And I don't think using Fakebook to log into NWFA is safe due to the high prevalence of FB hackers. I've been hacked repeatedly there. Recently they (the hackers) sent a PM to all my Messenger contacts saying lord knows what.... don't let them do that here!!!
 
Last Edited:

bbbass

Messages
14,368
Reactions
31,046
I'm seeing reports on another gun forum that not even secure passwords are safe.... wondering if that is because of logging in with Google or Facebook, or if it is because of letting browsers like Firefox save those supposedly secure passwords.

I'm starting to think the hacking can only be prevented by using 2FA. Which I'm now using for important accounts but what a pain to use every time I want to check in at a forum!!
 

Mathias

Messages
357
Reactions
687
I'm seeing reports on another gun forum that not even secure passwords are safe.... wondering if that is because of logging in with Google or Facebook, or if it is because of letting browsers like Firefox save those supposedly secure passwords.

I'm starting to think the hacking can only be prevented by using 2FA. Which I'm now using for important accounts but what a pain to use every time I want to check in at a forum!!
Duckduckgo
 

bbbass

Messages
14,368
Reactions
31,046
According to one source at the other forum, the hackers are not necessarily targeting individual IPs, but rather hacking the servers where the password "hashes" are stored. It's pretty technical, but we'd be surprised at how some servers don't do a very good job of maintaining unique passwords and instead have a number of duplicates that hackers can take good advantage of...
 

bbbass

Messages
14,368
Reactions
31,046
You are not tracked like google or FB.
That is true. But I was talking about people using their Google account (which one has if using Gmail or an Android phone) or their FB account to log into another website. You've probably seen the tabs that allow one to do that as a shortcut and I'm saying it's not a good idea. Nothing to do with search engines at all.
 
Messages
1
Reactions
1
There are many techies here that know a lot about all this stuff... but here is some info on how passwords are stored on servers: https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
That is a best practice, but not a guarantee that a company will actually follow those practices.

Legacy systems are especially prone to not implementing best practices like this since they often have to interface with other systems and changing the authentication mechanism would "cost too much".

https://haveibeenpwned.com/ is a great (and reputable) resource for finding site that have had data breaches. For each breach that contains your data was leaked in, it will provide details about how the breached passwords were stored (e.g. poor cryptography that resulted passwords being resolved to plain text, hashed - but not salted - password, salted passwords that were hashed - as described in the article above, etc)
 
Copeland Custom Gunworks
Southwest Firearms
Advertise on Northwest Firearms
Let Freedom Ring
Cerberus Training Group
Sporting Systems

Latest Resource Reviews

New Classified Ads

Top