jadesym
commented
8 years ago For now, just remove the password/merchantId from the Restaurant object when you pass it in to the front end for now. We can deal with moving it out later.
Closed mathew-kurian closed 8 years ago
jadesym
commented
8 years ago For now, just remove the password/merchantId from the Restaurant object when you pass it in to the front end for now. We can deal with moving it out later.
jadesym
commented
8 years ago I have a feeling that the merchant id isn't a security issue because it might only be accessible to grab data from it with our credentials. I'm looking into this further
jadesym
commented
8 years ago Confirmed this with Braintree. The merchant id that's passed to the front end itself is not a security flaw. @bluejamesbond
Braintree information is being sent the front-end since they are part of the Restaurant object. Generally, it should be Restaurant object which is JOINED with a Payment table.
PS. The password is also being sent atm