JavaScript
sferos, 2016-11-10 11:09:51

Name validation in web application?

There is a small web application, a game written in JavaScript (client side) and Node.js and socket.io (server side). At the moment, the username is obtained on the client side via XMLHttpRequest from the database ($_session[user_id] is looked up and the username is found), but the problem is that this name can be faked without any problems and, in fact, absolutely any value can be sent to the server. Any suggestions on how to get the name from the database on the server side? And you won't be able to find the string by "where user_id=?".


1 answer(s)
Fadi Haj, 2016-11-10
@sferos

Use JWT.
In your case:
1. On the server, we generate a JWT token: payload { "username": ... }
2. Instead of username, we pass the token
3. On the server, we check and get username from the token.
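The three steps above, as an added example that is not part of the original answer: an HS256-signed token built with Node's built-in `crypto` module instead of a JWT library. The names `issueToken` and `verifyToken`, the `exp` claim and the 5-minute lifetime are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: the key exists only on the server (env var or secret store).
// A random one is generated here so the demo runs stand-alone.
const SECRET = crypto.randomBytes(32);

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Step 1: after the server has looked the user up from the session,
// it issues a signed token carrying the username and an expiry.
function issueToken(username, ttlSeconds = 300, nowMs = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(nowMs / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ username, exp }));
  return `${header}.${payload}.${b64url(sign(`${header}.${payload}`))}`;
}

// Step 3: the game server takes the username from the token only.
// Returns the username, or null if the token is malformed, altered or expired.
function verifyToken(token, nowMs = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = sign(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  // Check the signature before parsing anything the client controls.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (alg !== 'HS256') return null; // accept only the algorithm we issue
    if (typeof claims.exp !== 'number' || claims.exp * 1000 <= nowMs) return null;
    return typeof claims.username === 'string' ? claims.username : null;
  } catch {
    return null;
  }
}

// Constructed demo: step 2 is the client sending `token` instead of a name.
const token = issueToken('alice');
console.log(verifyToken(token));
```

In the socket.io connection handler, the server would call `verifyToken` on the token the client sends and refuse the connection when it returns `null`.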
