Just a brief intro this is an updated version of my previous Python Chatroom post
Link is here: https://repl.it/talk/share/Python-Public-Chatroom/21474
For public viewers please use the route "public"
~> Public chatroom that is more secure (Can't pretend to be a mod)
~> Private chatroom (Only for close friends for now)
~> /read to read messages without having to press enter (But if you want to send a new message restart the program
~> /quit to quit and change routes (As in for those allowed into the private chats)
~> /kick to kick everyone from a certain chatroom (For mods only)
~> Client and server separated, and server is a private repl so that its very secure
A journey of a thousand lines begin with a single line
@Foster_Bryant Ok so I am storing the messages using the json_store_client module and using its class to save and retrieve it. The key however, is hidden in the server and can be only retrieved if you have the route. The server returns the key using a simple Flask function.
This isn't much of an amazing change from V1 of your chatroom. A bunch of unnecessary bcrypt hashes, the "private rooms" functionality isn't too amazing, and I can't look at the server code to see any exploits / bad code.
what is the route
I hate to say it, but all you need is a bcrypt utility and you can get into lone's account.
I suggest using salts in your encryption, to slow down intrusions.
@GabeEE you don't even need to have the password, or crack it, or anything. all you need to do it remove the code that checks the password/removes
[MOD] and you're good. the "server" itself only returns a jsonstore secret anyways so all you need to do is take that and you can edit anything you want, even wipe the chat.
@LoneAce I don't give my instagram out to internet ppl.
Also you can authenticate by IP address by saving an array of "good" ip addresses, and comparing the user who connects to the array, and if they are in there, accept their moderation command