[英]Integrate node.js chat with smf forum
I'm making a chat with node.js
to integrate with my smf forum. 我正在与
node.js
聊天以与我的smf论坛集成。 In the chat database i want to insert objects like this: 我想在聊天数据库中插入如下对象:
{
"userid" : "smf_id",
"nick" : "smf_username",
"shout" : "testing",
"date" : 1403554769,
"_id" : ObjectId("53a88bd134ac7be005000001")
}
But anyone can open the console and trigger the emit event with the data they want. 但是任何人都可以打开控制台并使用他们想要的数据触发发射事件。 They can forge
userid
and nickname
. 他们可以伪造
userid
和nickname
。 Is there any way to prevent this? 有什么办法可以防止这种情况?
Your chat server should not blindly add entries to the database directly from the client. 您的聊天服务器不应直接从客户端向数据库盲目添加条目。
You should have the client send a subset of the data contained in an entry (eg send just the "shout" attribute), and have the server infer the rest of the information from the connection-specific and global environment. 您应该让客户端发送条目中包含的数据子集(例如,仅发送“ shout”属性),并让服务器从特定于连接的全局环境中推断其余信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.