You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to implement a private messaging system using socket.io
In order to associate the users with their sockets, most sites are suggesting this:
var people = {};
client.on('connection', function(socket) {
//join the server
socket.on('add user', function(user_id) {
//create user-socket map
people[user_id] = socket.id;
});
});
But isn't it wrong? The user_id is sent from the client side, so if the user modify it and send another user's id an impersonation will take place. How can someone avoid this?
The text was updated successfully, but these errors were encountered:
Hi all,
I'm trying to implement a private messaging system using socket.io
In order to associate the users with their sockets, most sites are suggesting this:
But isn't it wrong? The user_id is sent from the client side, so if the user modify it and send another user's id an impersonation will take place. How can someone avoid this?
The text was updated successfully, but these errors were encountered: