Title: security question
Last modified: August 22, 2016

---

# security question

 *  Resolved [ReveDreams](https://wordpress.org/support/users/revedreams/)
 * (@revedreams)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/security-question-8/)
 * One more thing: Facebook explicitly says not to hard-code your App Secret anywhere,
   but it’s visible in plain text in the WordPress back end of EME Sync FB Events.
   Since the FB app has no users, I’m guessing there’s not much risk, but since 
   I’m using this for websites I won’t retain control of I wanted to check your 
   thoughts.
 * [https://wordpress.org/plugins/eme-sync-facebook-events/](https://wordpress.org/plugins/eme-sync-facebook-events/)

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [Franky](https://wordpress.org/support/users/liedekef/)
 * (@liedekef)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/security-question-8/#post-5401020)
 * That’s not hardcoding, that’s configuring 🙂
    Hardcoding would be e.g. that my
   App secret was in the plugin’s code.
 *  Thread Starter [ReveDreams](https://wordpress.org/support/users/revedreams/)
 * (@revedreams)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/security-question-8/#post-5401067)
 * 🙂 Well, all right then, but wouldn’t the point be the availability of the Secret?
 *  Plugin Author [Franky](https://wordpress.org/support/users/liedekef/)
 * (@liedekef)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/security-question-8/#post-5401078)
 * You can configure who has access to wordpress settings, that’s not the task of
   a plugin.
    You could argue the same thing about the mysql username and password
   in the wordpress configuration file. The Facebook api forces us to use an app
   id and secret, and I need to provide a way for people to enter it somewhere, 
   a file would not be very user friendly. I don’t see any other way of doing this…
 *  Thread Starter [ReveDreams](https://wordpress.org/support/users/revedreams/)
 * (@revedreams)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/security-question-8/#post-5401242)
 * You’re right, it’s analogous to the database login. Finally got my client his
   own FB developer account today. Of course now I have another question for another
   thread. Thanks for your patience!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘security question’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/eme-sync-facebook-events.svg)
 * [EME Sync Events](https://wordpress.org/plugins/eme-sync-facebook-events/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/eme-sync-facebook-events/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/eme-sync-facebook-events/)
 * [Active Topics](https://wordpress.org/support/plugin/eme-sync-facebook-events/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/eme-sync-facebook-events/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/eme-sync-facebook-events/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [ReveDreams](https://wordpress.org/support/users/revedreams/)
 * Last activity: [11 years, 6 months ago](https://wordpress.org/support/topic/security-question-8/#post-5401242)
 * Status: resolved