Hi Kenneth!
A few suggestions for how to solve the issues you’re facing:

- Separate your platform into a few pages.
  Make a page for the search, a members-only page to verify the user’s info, and a page to display the account’s info. Why? Backend code!
- Backend code.
  For maximum security, write the verification code in your backend service.
  Use the query in the backend and send it the SSN from the search page in the frontend.
  Once a result is found, take the ‘_ID’ (usually set as an invisible field in the collection) of the item and return it to the verification page. Use the returned ID to present the current info and verify it through a triggered email or SMS (send a code to the user and ask him to insert it on the verification page).
  All the verifications and checks of the database should be done in the backend for maximum security and protection of the data.
- As for presenting the data,
  pushing the results of the query into a table works totally fine, but you need to make sure that the results you’ve got are valid (res.length > 0 means that there are results for the search), that the searched input is not empty (otherwise table.hide()), and that the searched field is a unique one (anyone can search and log with any email address and several times with the same one).

Hope it helps.
Best of luck!
Doron.
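
The backend flow described in this reply, sketched as an added example that is not part of the original post or the poster's code. It is plain Node.js with a constructed in-memory array standing in for the collection; `startVerification`, `confirmCode`, and the `sendCode` hook are hypothetical names.

```javascript
const crypto = require('crypto');

// Constructed sample collection standing in for the site's database (not real data).
const members = [
  { _id: 'a1f3', ssn: '000-12-3456', email: 'kim@example.com', balance: 120 },
  { _id: 'b7c9', ssn: '000-65-4321', email: 'lee@example.com', balance: 45 },
];
const pending = new Map(); // _id -> { hash, expires, tries }
const CODE_TTL_MS = 10 * 60 * 1000;
const MAX_TRIES = 5;

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Search step: runs in the backend and returns only the item's _id, never the record.
function startVerification(ssn, sendCode, now = Date.now()) {
  if (typeof ssn !== 'string' || ssn.trim() === '') return { found: false };
  const hits = members.filter((m) => m.ssn === ssn.trim());
  if (hits.length !== 1) return { found: false }; // no result, or field is not unique
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(hits[0]._id, { hash: sha256(code), expires: now + CODE_TTL_MS, tries: 0 });
  sendCode(hits[0].email, code); // hypothetical e-mail/SMS hook supplied by the caller
  return { found: true, id: hits[0]._id };
}

// Verification step: account info is released only after the code checks out.
function confirmCode(id, code, now = Date.now()) {
  const p = pending.get(id);
  if (!p || now > p.expires || p.tries >= MAX_TRIES) {
    pending.delete(id); // expired or exhausted codes cannot be retried
    return { ok: false };
  }
  p.tries += 1;
  // Compare fixed-length hashes in constant time instead of the raw strings.
  if (!crypto.timingSafeEqual(p.hash, sha256(String(code)))) return { ok: false };
  pending.delete(id); // one-time use
  const { email, balance } = members.find((m) => m._id === id);
  return { ok: true, account: { email, balance } };
}
```

The frontend only ever holds the returned `id` and the code the user types in; the SSN lookup, the code check, and the record itself stay in the backend.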