Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

6
  • 1
    Sounds Awesome. I think another strategy with respect to limit who can send messages to who is make the user accept some sort of invitation request before allowing the sender to send any messages just like Skype does (for example). Commented May 31, 2020 at 19:51
  • 1
    Sure. Or have an initial limit of 1-2 messages for new contacts, and increase it as users reply to each other. Commented May 31, 2020 at 21:14
  • 3
    sockets are a constant connection, there's no need to identify the sender each message because only the sender can send on that connection anyway. Once the user id is verified, there's no need for a secondary ID/handle. Commented Jun 1, 2020 at 4:26
  • 2
    @dandavis that's true, but with mobile browsers it seems that there might be some problems with that approach. Thus, some form of session may not be a bad idea. Commented Jun 1, 2020 at 9:46
  • 1
    @user253751 so you limit account creation per source IP/range/location/in general to a reasonable threshold - and optionally add a captcha in the creation process. If your app model is fine with this, alternatively (or in addition) fall back to use shared login services (Facebook) or require a phone number. For a small service not necessary to have all from the start, but it might need to grow its defensive capabilities as its popularity grows. Commented Jun 1, 2020 at 13:53