Hunting for Robots: CAPTCHA in Your App

Problem

I’m worried that people will use scripts to hack their way into my app! How can I verify that my users are real people?

Solution

Use the fb:captcha tag to display a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) on your page. The simplest form is:

<form method="post" action="http://someserver.com/somePage.php">
    <fb:captcha />
</form>

which will give you something like Figure 6-61.

Figure 6-61. Facebook CAPTCHA

Discussion

CAPTCHAs were originally created in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper (all of Carnegie Mellon University), and John Langford (then of IBM). The general idea is to present users with a distorted image of a word, which computers would find very difficult to decipher but which people should be able to read quite easily. Early CAPTCHAs were quickly defeated by sophisticated algorithms, but more modern ones have held off all but the most dedicated of hackers (or hackers smart enough to outsource the work of cracking them to people in places such as Russia, who are reputedly paid $3/hr to interpret image after image). The acronym is an extension of the concept of a Turing test, first proposed by Alan Turing and postulated as the ultimate test for artificial intelligence: the ability to convincingly pass as human (i.e., to demonstrate intelligence). This is almost a reverse ...
