I'm making a chat with node.js
to integrate with my smf forum. In the chat database i want to insert objects like this:
{
"userid" : "smf_id",
"nick" : "smf_username",
"shout" : "testing",
"date" : 1403554769,
"_id" : ObjectId("53a88bd134ac7be005000001")
}
But anyone can open the console and trigger the emit event with the data they want. They can forge userid
and nickname
. Is there any way to prevent this?
Your chat server should not blindly add entries to the database directly from the client.
You should have the client send a subset of the data contained in an entry (eg send just the "shout" attribute), and have the server infer the rest of the information from the connection-specific and global environment.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.