Hacker News
by EugeneOZ
4601 days ago
Never send DB output directly to the frontend; send an object filled with only the necessary values from the DB output. Otherwise you'll meet security issues and these "_" prefixes will be the smallest part of your problems.
2 comments
Kiro
4601 days ago
And how are you supposed to do that using Mongolab, MongoHQ or Firebase?
knewter
4600 days ago
You seem to be taking as a given that those are acceptable things to do.
lowboy
4600 days ago
And you seem to be implying that they're not okay to do. Feel free to substantiate your opinion.
eknkc
4601 days ago
I do that. It's not about sending them directly. It's the underlying field name. I just keep _id fields as _id fields when I prepare data for output.
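
The allow-list projection described in the top comment, as an added example that is not any poster's code. The field names, the `PUBLIC_USER` shape and the sample record are constructed for illustration; `_id` keeps its name on output, as the last comment describes.

```javascript
'use strict';

// Allow-list of what the client may see. Each entry names an output key and
// how to derive it from the stored document (all names are assumptions).
const PUBLIC_USER = {
  _id: (d) => String(d._id),          // keep the _id name, expose it as a string
  name: (d) => d.name,
  joined: (d) => d.createdAt.toISOString().slice(0, 10),
};

// Build a fresh object from the allow-list. Anything not named in `shape`,
// including fields added to the collection later, never reaches the client.
function project(doc, shape) {
  const out = {};
  for (const [key, pick] of Object.entries(shape)) {
    const value = pick(doc);
    if (value !== undefined) out[key] = value;
  }
  return out;
}

function projectMany(docs, shape) {
  return docs.map((d) => project(d, shape));
}

// Constructed record, shaped like what a MongoDB driver might return.
const dbUser = {
  _id: '507f1f77bcf86cd799439011',
  name: 'alice',
  email: 'alice@example.test',
  passwordHash: '$2b$12$constructed-not-a-real-hash',
  isAdmin: false,
  createdAt: new Date('2013-01-15T10:00:00Z'),
};

// Anti-pattern: serialises every stored field, secrets included.
function unsafeResponse(doc) {
  return JSON.stringify(doc);
}

// Projection first, serialisation second.
function safeResponse(doc) {
  return JSON.stringify(project(doc, PUBLIC_USER));
}

console.log('unsafe:', unsafeResponse(dbUser));
console.log('safe:  ', safeResponse(dbUser));
```
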