Hello,
I am learning development and I do not know much about security.
I'm doing a web application using Nodejs
+ Expressjs
+ AngularJs
+ MongoDB
. I did as follows, the MongoDB data is sent to a URL using the Post
method, and then I "access" that data with AngularJs and display it on the screen. I wonder how insecure this is.
Here is the code:
First I created a Schema from my MongoDB collection:
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var userSchema = new Schema({
nome: String,
idade: Number,
CPF: String,
email: String
});
var User = mongoose.model('User' , userSchema );
module.exports = User;
Then I got this Schema in a file and created a URL and sent the data using POST
method
var express = require('express');
var router = express.Router();
var mongoose = require('mongoose');
var User = require('../models/users');
//Se aqui for router.get os dados serão exibidos na URL localhost/api/users
//Então usei router.post
router.post('/api/users' , function(req, res, next){
User.find(function(err, users){
res.json(users);
});
});
module.exports = router;
Finally, I got the data from the URL and displayed on the screen with Angular:
app.controller("RBScontroller", function ($scope, $http) {
$scope.enviar = function enviar(){
var ApiMongo = 'http://localhost:3000/api/users';
$scope.users = [];
$scope.loading = true;
$http.post(ApiMongo).success(function(data) {
console.log(data);
$scope.users = data;
$scope.loading = false;
}).error(function(msg) {
angular.element($(function(){alert("Fail")}));
$scope.loading = false;
});
}
});
Does this method leave the data exposed in any way? Thanks