Any direct reference to an object in our database (in our case MongoDB ObjectIds) poses a security risk if exposed to end users. Where a unique reference is needed on the frontend, we should rely on unique identifiers that are decoupled from the database (usernames, course ids and terms, etc.).
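As an added example (not code from the original page), the following shows a lookup keyed on the raw MongoDB `_id` beside one keyed on a decoupled reference (username from the session plus course id and term) that also strips the database identifier before the document leaves the server. The collection is an in-memory stand-in with constructed sample data so it runs offline; the field names are assumptions.

```javascript
// Constructed sample data standing in for a MongoDB "enrollments" collection.
const enrollments = [
  { _id: "64f1c2a9e4b0f1a2b3c4d5e6", username: "alice", courseId: "CS101", term: "2024F", grade: "A" },
  { _id: "64f1c2a9e4b0f1a2b3c4d5e7", username: "bob", courseId: "MATH200", term: "2024F", grade: "B" },
];

// Risky pattern: the client supplies the stored _id and receives the record.
// Nothing ties the reference to the caller, and ObjectIds are not secrets, so
// any caller holding a valid id reaches that record regardless of ownership.
function lookupByObjectId(params) {
  return enrollments.find((e) => e._id === params.id) || null;
}

// Remove the database identifier so it never reaches the frontend.
function toPublic(doc) {
  const { _id, ...publicFields } = doc;
  return publicFields;
}

// Decoupled pattern: the public reference is (courseId, term), the owner comes
// from the authenticated session rather than the request body, and the
// response carries no database identifier.
function lookupEnrollment(sessionUser, params) {
  const doc = enrollments.find(
    (e) =>
      e.username === sessionUser &&
      e.courseId === params.courseId &&
      e.term === params.term
  );
  return doc ? toPublic(doc) : null;
}
```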