jtojnar / pengu

MIT License

Clients can be spoofed #3

Closed jtojnar closed 9 years ago

jtojnar commented 11 years ago

Currently the only identifier of the message sender is the name contained in the message. This can be exploited when some client sends a message with another user's name. This can be fixed by generating secret tokens for users and using them as communication authenticity verification keys.

Relevant issue: #2

jtojnar commented 9 years ago

Apparently this problem never existed. I must have been confused somehow as the clients never sent their name with the message.
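
The token scheme proposed in the first comment, sketched as an added example that is not pengu's code: a hypothetical server issues each user a secret token at join time and accepts a message only if its HMAC tag verifies under the claimed sender's token. The names `ChatServer`, `sign`, `makeMessage` and `demo`, the message fields, the sequence-number replay check and the HMAC-SHA256 construction are all assumptions made for illustration.

```javascript
// Added example, not pengu's code: all names and the message layout are hypothetical.
const { randomBytes, createHmac, timingSafeEqual } = require('node:crypto');

// Tag over an unambiguous encoding of the fields, keyed with the sender's token.
function sign(token, name, seq, text) {
  return createHmac('sha256', token).update(JSON.stringify([name, seq, text])).digest();
}

// Client side: build a message carrying its authenticity tag.
function makeMessage(token, name, seq, text) {
  return { name, seq, text, tag: sign(token, name, seq, text).toString('hex') };
}

class ChatServer {
  constructor() { this.sessions = new Map(); } // name -> { token, lastSeq }

  // Issue a fresh 256-bit token on join; it is sent only to the joining client.
  join(name) {
    if (this.sessions.has(name)) throw new Error('name already in use');
    const token = randomBytes(32);
    this.sessions.set(name, { token, lastSeq: 0 });
    return token;
  }
  // Accept a message only if the tag verifies under the claimed sender's token.
  receive(msg) {
    const session = this.sessions.get(msg.name);
    if (!session || typeof msg.tag !== 'string') return { ok: false, reason: 'unknown sender' };
    const expected = sign(session.token, msg.name, msg.seq, msg.text);
    const given = Buffer.from(msg.tag, 'hex');
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
      return { ok: false, reason: 'bad tag' };
    }
    // A verified message that reuses an old sequence number is a replay.
    if (!Number.isInteger(msg.seq) || msg.seq <= session.lastSeq) {
      return { ok: false, reason: 'replayed' };
    }
    session.lastSeq = msg.seq;
    return { ok: true, from: msg.name, text: msg.text };
  }
}

// Constructed scenario: mallory signs with her own token but claims to be alice.
function demo() {
  const server = new ChatServer();
  const aliceToken = server.join('alice');
  const malloryToken = server.join('mallory');
  const genuine = makeMessage(aliceToken, 'alice', 1, 'hi');
  const spoofed = makeMessage(malloryToken, 'alice', 2, 'not really alice');
  return [server.receive(spoofed), server.receive(genuine), server.receive(genuine)];
}
```

When the server takes the sender from its own per-connection state and the message carries no name field, there is no claimed identity to verify and the tag is unnecessary.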