Currently the only identifier of message sender is name contained in message. This can be exploited when some client sends message with another user's name.
This can be fixed by generating secret tokens for users and using them as communication authenticity verification keys.
Currently the only identifier of message sender is name contained in message. This can be exploited when some client sends message with another user's name. This can be fixed by generating secret tokens for users and using them as communication authenticity verification keys.
Relevant issue: #2