O'Reilly logo

HTML5 Data and Services Cookbook by Mite Mitreski, Gorgi Kosev

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Security mechanisms in Meteor.js

There has been a lot of controversy around the security in Meteor. Database everywhere does not scream security. We are using the same API for the client- and server-side code, and it does not take a genius to tell that we can also delete collections. After playing around for a while with the JavaScript console, we could easily delete all the Users in our previous example. You can always roll your own implementation for the security; for example, you can override the default server method handlers, making the Users and Images collections accessible from the client:

Meteor.startup(function () { var collection = ['Users', 'Images']; var redefine = ['insert', 'update', 'remove']; for (var i = 0; i < collection.length; ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required