
If the sender is an unknown party?

I have this scheme I'm developing with rooms and tilesets for playing. Basically, besides allowing players to host their rooms through the browser through Peer.js, I want to allow them to host permanent servers by connecting to the room lister with Node.js and socket.io-client.

Then I thought these server rooms should have more privileges, like creating their own items and descriptions, making it really moddable. But to do that they need to alter the default tileset.

I thought about having them upload the tileset somewhere and send a link to download, but I know that is certainly not secure! And uploading it to the room lister is something I don't want since I want to keep the room lister minimal and with minimal load. Don't wanna deal with captchas or authentication for abuse either.

So I thought sending the tileset through socket.io might do it, but just to be certain I wanted to ask this here, after worrying so much about the risks I had to make sure, and I couldn't find much about this concern anywhere (I guess they just assume it will come from a trustable site.)

So, are there any immediate exploits I'm overlooking? I'm nowhere near a security expert so I had to ask...

  • Have you read the different topics: [secure socket.io](http://stackoverflow.com/questions/11519777/how-do-i-secure-socket-io), [securing socket.io](http://stackoverflow.com/questions/14600472/securing-socket-io)? – Answers_Seeker Dec 28 '15 at 15:56
  • Those are about authentication only, which is not what I'm looking for. I'm aiming for something "open for everyone" without registration. I want to know if it's possible for a third party to tamper with the messages for unwanted side-effects, or if I shouldn't worry about it. – Capaverde Dec 28 '15 at 19:23

0 Answers