0

I'm making a chat with Node.js to integrate with my SMF forum. In the chat database I want to insert objects like this:

{
    "userid" : "smf_id",
    "nick" : "smf_username",
    "shout" : "testing",
    "date" : 1403554769,
    "_id" : ObjectId("53a88bd134ac7be005000001")
}

But anyone can open the console and trigger the emit event with the data they want. They can forge userid and nickname. Is there any way to prevent this?

jww

1 Answer

0

Your chat server should not blindly add entries to the database directly from the client.

You should have the client send a subset of the data contained in an entry (e.g. send just the "shout" attribute), and have the server infer the rest of the information from the connection-specific and global environment.

Max Nanasy
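A sketch of the approach in the answer above, added here as an example and not code from the question or the answer: the server reads only `shout` from the client and takes `userid`, `nick` and `date` from its own state. The `session` object, the `shout_error` event name, the length limit and the array used in place of the database collection are assumptions for illustration.

```javascript
// Assumption: `session` is filled in server-side when the connection is
// authenticated (e.g. from the forum login), never from client-sent data.
const MAX_SHOUT_LENGTH = 500; // assumed limit

function buildEntry(session, payload, now = Date.now()) {
  if (!session || !session.userid) throw new Error('not authenticated');
  // Accept a bare string or an object, but read only the "shout" field.
  const shout = typeof payload === 'string' ? payload : payload && payload.shout;
  if (typeof shout !== 'string') throw new Error('invalid shout');
  const text = shout.trim();
  if (text.length === 0 || text.length > MAX_SHOUT_LENGTH) {
    throw new Error('invalid shout');
  }
  return {
    userid: session.userid,       // server-side identity, not client input
    nick: session.nick,
    shout: text,
    date: Math.floor(now / 1000), // server clock, in seconds
  };                              // _id is left for the database to generate
}

// Works with any socket.io-style object exposing .on() and .emit().
// `store` stands in for the chat collection; only push() is used here.
function attachChat(socket, session, store) {
  socket.on('shout', (payload) => {
    try {
      store.push(buildEntry(session, payload));
    } catch (err) {
      socket.emit('shout_error', err.message);
    }
  });
}

// Constructed demo: a fake socket receives a payload with forged fields,
// as if it had been emitted by hand from the browser console.
function demo() {
  const handlers = {};
  const socket = { on: (ev, fn) => { handlers[ev] = fn; }, emit: () => {} };
  const store = [];
  attachChat(socket, { userid: 42, nick: 'alice' }, store);
  handlers.shout({ userid: 1, nick: 'admin', shout: 'testing', date: 0 });
  return store[0];
}

console.log(demo());
```

The forged `userid`, `nick` and `date` in the payload are never read, so the stored entry carries the identity bound to the connection.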