Introduction

This document describes the key design problem statement and probable solutions for
securing discussion forum api’s.

Background

As of now, any portal logged in member can make the discussions in any group, Once he have portal session, By hitting the post apis by changing nodebb cid’s randomly.

Problem Statement

• How to make discussion forum api’s secure?

• how to verify, If the user is part of group before adding topics and posts?

Solution

Open