If I wanted to implement some sort of chat tool in my Django web app, implemented with basic AJAX polling as opposed to Comet, what should I do to secure it, besides running over SSL? Should I just use the permissions app for each chat session and generate a random token to be accessed in my URLconf? Are there better/different approaches to this sort of thing?

A: 

I think I could just make a room model with a ManyToManyField indicating users, a queue for the chat history, and as users leave, I'd just remove their username from that model. So, when submitting POST requests, I could just use the cookie in django.contrib.auth for sessions to validate data transfer. I think that should be secure, so that illegal users can't generate their own POST request for the data.

Anil
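
The room-membership check described in the answer above, as an added example that is not code from the original post. It is plain Python so it runs without Django; `ChatRoom`, `create_room`, `handle` and the in-memory `ROOMS` dict are hypothetical names, and `session_user` stands for the identity that `django.contrib.auth` resolves from the session cookie (`request.user`).

```python
import secrets
from collections import deque

class ChatRoom:
    """In-memory stand-in for the room model: member set plus bounded history queue."""
    def __init__(self, members, max_history=200):
        self.token = secrets.token_urlsafe(16)  # unguessable URL id, not an access check
        self.members = set(members)
        self.history = deque(maxlen=max_history)
        self.next_seq = 1

    def leave(self, user):
        self.members.discard(user)

ROOMS = {}  # token -> ChatRoom (assumption: a database table in a real app)

def create_room(members):
    room = ChatRoom(members)
    ROOMS[room.token] = room
    return room

def handle(session_user, token, method, body=None, since=0):
    """Return (status, payload). session_user is the identity resolved
    server-side from the session cookie, or None if the client is anonymous."""
    if session_user is None:
        return 401, None
    room = ROOMS.get(token)
    # Same response for unknown room and non-member, so tokens cannot be probed.
    if room is None or session_user not in room.members:
        return 403, None
    if method == "POST":
        text = str((body or {}).get("text", ""))[:500]
        if not text.strip():
            return 400, None
        # Author comes from the session; any "user" field in the body is ignored.
        msg = {"seq": room.next_seq, "user": session_user, "text": text}
        room.next_seq += 1
        room.history.append(msg)
        return 201, msg
    if method == "GET":  # AJAX poll: only messages newer than the client's cursor
        return 200, [m for m in room.history if m["seq"] > since]
    return 405, None
```

The membership test runs on every poll and every post, so a user removed from the room loses access on their next request even if they still hold the room token.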