Social networking has become a popular way to be in contact with each other. Inrnsocial networking, people tend to share a wide range of information with otherrnusers of the networking site. Here, security of personal information has become arnmost critical issue. One of the important issues in online social network is thatrnhow user privacy is protected because online social network providers have fullrncontrol over users' data. The online social network providers typically store users'rninformation permanently. Meanwhile, the trend in information security is mov-rning the security perimeter as close to the data as possible. We want to movernthe perimeter closer to the data, but do this without being able to derive whornis accessing which data. An e cient privacy protection mechanism is importantrnfor online social networking sites that can be used to protect the privacy of onlinernusers' data from third parties. An access control mechanism shifts the control overrndata sharing back to the users by providing them with rnexible and dynamic accessrnpolicies. Hence, instead of relying on credentials given by a person trying to accessrninformation, there is a need to protect the data using only the data itself. In thisrncontext where decryption of data is made possible by already knowing some partrnof the data. This thesis work discusses the implementation of data based accessrncontrol in social networking sites. That is, personal information is made availablernonly to those who already have some of this information. We de ned and analyzedrntypes of data based access control methods (direct, indirect and order-invariantrndata based access control methods). An e ort is made to design suitable policyrnirnin order to apply them to social networking sites. We implemented our solutionrnin a prototype platform for social networking sites using a Java based prototypernand My Structured Query Language (MySQL) database. Our experimental re-rnsults verify the e ectiveness of indirect data based access control method overrnsocial networking sites. This mechanism provides enhanced security features fromrnboth eavesdrop attacks and provider attacks. Moreover, we present a performancernstudy of the implemented prototype.rnKey words: Data Based Accessed Control, Social Network Security, AccessrnControl Policies.