Thank you for the suggestion.
That is a deeper level of thinking. I think the assignment is to build a functioning website that stands up to normal usage. Handling people hacking in maliciously is not part of the assignment. But you are right, that that is something important to consider if your building real world apps.
But if I need to check people hacking in and forcing too many choices, then I also need to check every possible bit of data that’s sent to it - the amount of choices, that choices are unique, that they are not too long, that they are printable characters, and similar things for the title and username. Then I’d have to do the same thing for registration. Wouldn’t every put and post request need every piece of data sent to it validated?
It’s a shame there isn’t away to prevent all http methods that aren’t originating in the code. I don’t understand this well enough, but perhaps there is no way for the code to confirm it that can’t be spoofed.
There are some built in validation techniques in mongoose schema - I think I’ll look into those on the next build.
I don’t think I’m going to worry about it on this project since it is not a requirement. But thank you for making me think about it. That will be an important topic if I do this professionally.
And I finally figured out the message on the poll delete - thanks for that.