• United States



by Dave Gradijan

Facebook Homepage Source Code Leaked

Aug 15, 20072 mins
Build AutomationCSO and CISO

Facebook is downplaying the impact of a misconfigured server over the weekend that revealed the source code powering the social networking site, saying it posed no threat to data security.

Nonetheless, Facebook warned that republishing the code is against the law as copies of it proliferated on blogs and other websites. The blog Facebook Secrets is widely credited as first publishing the code.

“It was not a security breach and did not compromise user data in any way,” according to a post by Facebook spokeswoman Brandee Barker on the Techcrunch blog. “The reprinting of this code violates several laws, and we ask that people not distribute it further.”

If an Apache Web server is misconfigured, it’s possible for the server to publish files of PHP—a programming language used to create dynamic webpages—as regular text files, said Ronald van den Heetkamp, who runs the blog “The Hacker Webzine.”

Social networking sites have become an increasing security concern due to the vast amounts of personal data that could potentially be used for identity theft and other scams.

Commentators on Facebook Secrets differed somewhat over the significance of the code’s release, which some characterized as a sloppy smattering of PHP to others who found the code an intellectual curiosity.

“There is nothing special or unique for you to see here, just the working framework for a PHP-built site,” wrote a commentator under the name “Azzam.” “Anyway, the media has played some hype on you and the leak is nothing but a tech glitch.”

Others who saw the code generally agreed with Facebook’s evaluation of the mistake.

“This is hardly any threat to Facebook, as this source code exposes nothing overly sensitive other than their naming conventions of functions and objects,” wrote a user under the name Shelley. “That said, as a programmer, I did enjoy the chance to see how some people approached making a social site like that from a logic stand point. Good read!”

— Jeremy Kirk, IDG News Service (London Bureau)