by Kiro 4047 days ago
What I don't understand with Meteor is how you can build secure applications if you actually write your database queries in the front-end. Can someone enlighten me? How do you hide logic or prevent people from manipulating however they want?
1 comments

Database modifications on the client are usually disabled in Meteor. There are two ways to control database access in Meteor:

1. You can write allow/deny permissions rules to allow only certain modifications: http://docs.meteor.com/#/basic/Mongo-Collection-allow

2. You can not use client-side modifications at all and instead write all of your database code inside Methods, which are basically supercharged RPCs that give you automatic optimistic UI updates: https://www.meteor.com/try/10

I think this issue comes up a lot because new Meteor apps come with the "insecure" package by default to enable faster initial development and debugging, but most or all production apps will remove this package.

(I work at Meteor)
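
An added example, not part of the original comment or Meteor's own code, showing the two options from the reply as server-side checks. The `tasks` collection, its `owner` field, `EDITABLE_FIELDS`, `taskRules` and `buildTask` are assumed names, and the wiring at the bottom assumes Meteor's classic global API (`Meteor`, `Mongo`) with the "insecure" package removed.

```javascript
// Constructed example: a "tasks" collection whose documents carry an `owner` field.
// With the "insecure" package removed, a client write is rejected unless an
// allow rule returns true for it.
const EDITABLE_FIELDS = ['text', 'checked'];

// Option 1: allow rules. They run on the server for every client-initiated
// write; userId is the logged-in user's id, or null when not logged in.
const taskRules = {
  insert(userId, doc) {
    return Boolean(userId) && doc.owner === userId;
  },
  update(userId, doc, fieldNames) {
    // Only the owner may edit, and never the `owner` field itself.
    return Boolean(userId) && doc.owner === userId &&
      fieldNames.every((f) => EDITABLE_FIELDS.includes(f));
  },
  remove(userId, doc) {
    return Boolean(userId) && doc.owner === userId;
  },
};

// Option 2: the body of a Method. The server builds the document itself, so
// the client supplies only `text` and cannot choose the owner.
function buildTask(userId, text) {
  if (!userId) throw new Error('not-authorized');
  if (typeof text !== 'string' || text.length === 0 || text.length > 500) {
    throw new Error('invalid-text');
  }
  return { text, owner: userId, checked: false, createdAt: new Date() };
}

// Wiring, executed only inside a Meteor app where these globals exist.
if (typeof Meteor !== 'undefined') {
  const Tasks = new Mongo.Collection('tasks');
  Tasks.allow(taskRules);
  Meteor.methods({
    addTask(text) {
      // this.userId comes from the server-side session, not from the caller.
      return Tasks.insert(buildTask(this.userId, text));
    },
  });
}
```

An app would normally pick one of the two options per collection; both are shown together here only for comparison.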