What security mechanisms does Meteor have?

Asked on November 15, 2018 in Meteor.


  • 3 Answer(s)

    Here is a solution:

    When you create an app using the meteor command, by default the app includes the following packages:

    1. Autopublish
    2. Insecure

    Together, these mimic the effect of each client having full read/write access to the server’s database. These are useful prototyping tools for development purposes only, but typically not appropriate for production applications. When you’re ready for production release, just remove these packages.

     

    Answered on November 15, 2018.

    An alternate way to look at this:

    The client is given full write access to the collection. They can execute arbitrary Mongo update commands. Once we build authentication, you will be able to limit the client’s direct access to insert, update, and remove. We are also considering validators and other ORM-like functionality.

    Answered on November 15, 2018.
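The write-permission decision the two answers above describe, modelled in plain JavaScript as an added example (it is not Meteor's own code and not from either answer). It follows Meteor's documented allow/deny behaviour; `canClientWrite`, `ownerOnly`, `lockedDoc` and the sample writes are constructed for illustration, and the rule signature is simplified to `(userId, doc)`.

```javascript
// Model of how Meteor decides whether a client-side insert/update/remove
// is accepted. Plain Node.js, no Meteor runtime; all names are constructed.
// In a real app the rules are registered with Collection.allow()/deny()
// after running: meteor remove insecure autopublish

function canClientWrite({ insecureInstalled, allow = [], deny = [] }, userId, doc) {
  // The insecure package only applies while a collection has no rules at all.
  if (allow.length === 0 && deny.length === 0) return insecureInstalled;
  // Any deny rule returning true rejects the write.
  if (deny.some((rule) => rule(userId, doc))) return false;
  // Otherwise at least one allow rule must return true.
  return allow.some((rule) => rule(userId, doc));
}

// Constructed rules for a todo-style collection.
const ownerOnly = (userId, doc) => Boolean(userId) && doc.owner === userId;
const lockedDoc = (userId, doc) => doc.locked === true;

// Constructed sample writes: [label, userId, document]
const writes = [
  ["anonymous insert", null, { owner: "alice", text: "x" }],
  ["alice edits own doc", "alice", { owner: "alice", text: "y" }],
  ["bob edits alice's doc", "bob", { owner: "alice", text: "z" }],
  ["alice edits locked doc", "alice", { owner: "alice", locked: true }],
];

const configs = {
  prototype: { insecureInstalled: true },          // default new app
  removedNoRules: { insecureInstalled: false },    // package removed, no rules yet
  hardened: { insecureInstalled: false, allow: [ownerOnly], deny: [lockedDoc] },
};

// Returns one boolean per sample write, in the order listed above.
function evaluate(configName) {
  return writes.map(([, userId, doc]) => canClientWrite(configs[configName], userId, doc));
}

for (const name of Object.keys(configs)) {
  console.log(name, evaluate(name));
}
```

The model covers writes only; reads are governed separately by what the server publishes once `autopublish` is removed.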

    Try this:

    • Stopping a client from using your insert/update/delete API without authorization is possible.
    • See their todo app at https://github.com/meteor/meteor/tree/171816005fa2e263ba54d08d596e5b94dea47b0d/examples/todos
    • Also, they have now added a built-in auth module that lets you log in and register. So it's safe, as long as you are taking care of XSS, validations, client headers, etc.
    • But you can any day convert a Meteor app into a fully working Node.js application by deploying to Node. So if you know how to secure a Node.js application, you should be able to secure Meteor.
    Answered on November 15, 2018.
