Facebook lets source code slip

By on
Facebook lets source code slip

Misconfigured web server leaves site red-faced.

A portion of the source code for social networking site Facebook was inadvertently made available recently because of an incorrectly configured web server hosting the code.

A copy of the code was posted on the Facebook Secrets blog which appears to have been created specifically to post the code.

"A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately," said Brandee Barker, a spokeswoman for Facebook.

"It was not a security breach and did not compromise user data in any way. Because the code only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook."

The leak comes just weeks after the site's founder had to defend himself against allegations that he stole the source code source from fellow university students.

The problem appeared when the page showed the un-interpreted source code for the main index page rather than returning the standard output.

The problem has been put down to a server misconfiguration, or a known bug in the Apache server which may occur when the server experiences high loads.

Despite Facebook's assertions that there are no security issues surrounding the leak, security experts have warned that access to the application source code is always useful to hackers looking to subvert or compromise a website.

"Anytime that source code is accidentally revealed, there is potential for an increase in risk," said Pete Lindstrom, a senior security analyst at Burton Group.

He added that when a company dismisses the security implications of such an incident, there are likely to be real security issues.

"There are enough folks out there trolling the websites who will be perfectly happy to try to identify vulnerable areas that could be exploited," said Lindstrom.

"If you release source code into the wild, you are going to have some level of increased risk associated with it. I cannot think of a case where you would not."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk

Most Read Articles

Log In

  |  Forgot your password?