Hello devs, how are you all doing?
I really need a small guidance.
I heard that sending _id to the front-end/client is unsafe, but some devs told me it’s safe. I really need confirmation, please. I don’t want to mess up the project.
Thanks in advance.
Did the ones who told you explained why it is unsafe?
Yes a little bit, they told it can find you machine & timestamp which could go wrong.
But as per my research, MognoDB already fixed it, otherwise why they would add _id as default with .findById functions and all.
ah, i don’t know why this is unsafe though. Many locally generated ids use machine/hardware/time information to make them as unique as possible, and those ids are being passed everywhere. Some of them may even have public format standard.
Agreed, like if it’s unsafe, users need to create a new unique id/uuid and index it, which sounds expensive for multiple collections. And if it’s unsafe, then YouTube/Udemy tutorials would have already covered it, & also MongoDB wouldn’t allow it to be used.