node.js - The "right way" to architecture voting with Mongoose? -

-

i'm creating web app using mongoose/mongodb store information voted on. i'll storing usernames , ip addresses vote (so voters can update/modify votes if desired).

root question: what's best way securely architecture voting in mongoose schema?

currently, schema looks (simplified):

var thing = new schema({   title: {     type: string   },   creator: {     type: string   },   options: [{     description: {       type: string     },     votes: [{       username: {         type: string       },       ip: {         type: string       }     }]   }] });  mongoose.model('thing', thing);

while makes querying db given thing super easy, becomes more problematic security obvious reasons - don't want returning out usernames , ip addresses browser.

the problem is, i'm not sure best/least painful scenario securely returning thing data browser:

  1. loop through each option in thing.options, sub-loop through each vote in thing.options[i].votes find vote cast user requesting data, delete votes rid of other user data. seems resource intensive, couldn't find way use indexof in subarrays (guidance welcome on one), i.e. thing.options.votes.indexof(username) or effect.

  2. store vote information in already-existing user schema, have search through users vote data , stick every time want query single thing. seems inefficient/more resource intensive/more complicated necessary.

  3. create separate vote schema stores data more conveniently, adds database call (one thing, 1 vote).

this problem compounded fact there different ways vote, being simplest.

research...for posterity's sake:

this question addresses voting in databases, relational db, not mongodb/mongoose.

this question addresses mongoose/node.js app architecture, nothing votes.

this npm module adds voting mongoose schemas, doesn't quite fit needs.

this post looks promising, author sort of doing i'm describing in point 1 above (see listing 13 on author's post), still creates nested loop, starting in line 22 of listing 13, loop through each choice/option, through each vote each choice/option.

as quick hint - prevent leaking of ip addresses db - suggest add collection store vote sensitive data, still have other vote data in same document.

this gives small overhead when storing data, design ip info not provided caller , there no need data scrubbing on every call, secure data.


Comments

Post a Comment

Popular posts from this blog

ios - RestKit 0.20 — CoreData: error: Failed to call designated initializer on NSManagedObject class (again) -

-
this error has shown on many times, seems. prominent answer issue seems restkit 0.20 — coredata: error: failed call designated initializer on nsmanagedobject class however, solution posted doesn't work me. let's start beginning: i want upload file server. want parse response make sure uploaded. if not, try again later. model has boolean variable called nsnumber *senttoserver purpose (in coredata, bool saved nsnumber ) . because don't know whether sending going successful, save entity coredata model first before sending via restkit. when post request successful, server returns json string this: {"id":14,"created":true} notice that, of course, id not set on coredata model yet, both id , created new informations model. here's model: @interface recording : nsmanagedobject @property (nonatomic, retain) nsstring * audiofilepath; @property (nonatomic, retain) nsdate * createdat; @property (nonatomic, retain) nsstring * deviceid; @
Read more

java - Digest auth with Spring Security using javaconfig -

-
so i'm trying create digest authentication spring following documentation trying translate xml "requirements" in java requirements. let's have xml in docs: <bean id="digestfilter" class= "org.springframework.security.web.authentication.www.digestauthenticationfilter"> <property name="userdetailsservice" ref="jdbcdaoimpl"/> <property name="authenticationentrypoint" ref="digestentrypoint"/> <property name="usercache" ref="usercache"/> </bean> <bean id="digestentrypoint" class= "org.springframework.security.web.authentication.www.digestauthenticationentrypoint"> <property name="realmname" value="contacts realm via digest authentication"/> <property name="key" value="acegi"/> <property name="noncevalidityseconds" value="10"/> </b
Read more

laravel - PDOException in Connector.php line 55: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) -

-
my .env: app_env=local app_debug=true app_key=myappkey app_url=http://localhost db_connection=mysql db_host=localhost db_port=3306 db_database=gestiontaller db_username=root db_password='root' cache_driver=file session_driver=file queue_driver=sync redis_host=127.0.0.1 redis_password=null redis_port=6379 mail_driver=smtp mail_host=mailtrap.io mail_port=2525 mail_username=null mail_password=null mail_encryption=null i've tried password ", ' , without, restarting server every time. i've tried changing localhost 172.0.0.1. yes, password correct, running mysql -u root -p introducing password root in prompt can go mysql. users table: +------------------+-----------+ | user | host | +------------------+-----------+ | debian-sys-maint | localhost | | mysql.sys | localhost | | root | localhost | | root1 | localhost | +------------------+-----------+ i've added homestead.yaml this: database_port: 3306
Read more