So I have a form that will allow someone to enter the id of a live socket.io socket. On submit, the server will take that id and broadcast a message using it.
So on the server is essentially:
app.post '/', (req, res) ->
socket_id = req.body.socket_id
io.to(socket_id).emit('message', {hello: "world"})
res.redirect '/'
This also obviously means that I am exposing the id in plaintext somewhere.
How would this affect the overall security of the application? Would it be possible for someone to use this id to attack my application?