So here is the problem: when, for example, we do a model.find, the object that is returned by mongoose (and passed straight through our model layer) has an update method, with direct access to the underlying database.
If an unsuspecting developer were to, say, change the password on the user object and then call update with the object's id, it would end up bypassing any useful checks the model layer was doing to protect itself.
This is too much power/responsibility for the controller, and needs to be locked down. Any methods exposed on objects that the model layer returns must not be able to break the model.
I think that the simplest thing to do is call .toObject on the objects returned by mongoose before returning them from the model layer. This means that there will be no functions on the objects returned to the controller layer at all.
The controllers then cannot call any methods on objects directly, but must instead use the interface provided by the model.