Presenter security: secret key should be mandatory in all presenter actions
mvdbos opened this issue · comments
Matthijs van den Bos commented
Currently, the 'security' is all client side an can be easiy circumvented. Anyone can take over a slideshow as presenter by setting isPresenter to true.
The only way to prevent this, is to make sure that all presenter operations need the secret key to complete succesfully. That means the key needs to be checked on the serverside for each operation... Right?
Any ideas how to fix this?
Matthijs van den Bos commented