<p><strong>[UPDATE]</strong> There is now an official and documented Auth Package which provides different solutions to secure a collection.</p> <p>On a CRUD level:</p> <blockquote> <p>[Server] collection.allow(options) and collection.deny(options). Restricts default write methods on this collection. Once either of these are called on a collection, all write methods on that collection are restricted regardless of the insecure package.</p> </blockquote> <p>And there is also <code>insecure</code> to remove full write access from the client.</p> <p>Source: <a href="https://github.com/meteor/meteor/wiki/Getting-Started-with-Auth" rel="nofollow noreferrer">Getting Started with Auth</a> (thanks to @dan-dascalescu)</p> <hr> <p>[OLD ANSWER]</p> <p>Apparently they are working on an Auth Package(?) that should prevent any user from taking full control of the db, as is the case now. Someone is also suggesting that there is an existing solution (workaround): defining your own mutations (methods) and making them fail if they attempt to perform an unauthorized action. I didn't get it much better, but I think this will often be necessary, since I doubt the Auth Package will let you implement the usual auth logic on a row level, but probably only on the CRUD methods. Will have to see what the devs have to say.</p> <p>[EDIT] Found something that seems to confirm my thoughts:</p> <blockquote> <p>Currently the client is given full write access to the collection. They can execute arbitrary Mongo update commands. Once we build authentication, you will be able to limit the client's direct access to insert, update, and remove.
We are also considering validators and other ORM-like functionality.</p> </blockquote> <p>Sources of this answer:</p> <p><a href="https://stackoverflow.com/questions/10110743/accessing-to-db-at-client-side-as-in-server-side-with-meteor">Accessing to DB at client side as in server side with meteor</a></p> <p><a href="https://stackoverflow.com/questions/10100813/data-validation-and-security-in-meteor/10101516#10101516">https://stackoverflow.com/questions/10100813/data-validation-and-security-in-meteor/10101516#10101516</a></p>
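<p>Added example, not part of the original answer and not Meteor's own code: a plain Node model of how the <code>collection.allow(options)</code> and <code>collection.deny(options)</code> rules quoted above decide a client write, using a per-document ownership check. The callbacks use Meteor's documented signatures; <code>makeCollection</code>, <code>canWrite</code>, <code>demo</code> and the sample document are assumptions made so the example runs without Meteor.</p>

```javascript
// Model of Meteor's documented allow/deny semantics for client-initiated writes:
// a write is rejected if ANY deny callback returns true; otherwise it is accepted
// only if AT LEAST ONE allow callback returns true (no allow rule => rejected).
// makeCollection/canWrite are hypothetical stand-ins, not Meteor internals.
function makeCollection() {
  const rules = { allow: [], deny: [] };
  return {
    allow(options) { rules.allow.push(options); },
    deny(options) { rules.deny.push(options); },
    // Hypothetical helper: would this client write be accepted?
    canWrite(op, ...args) {
      if (rules.deny.some((r) => r[op] && r[op](...args))) return false;
      return rules.allow.some((r) => r[op] && r[op](...args));
    },
  };
}

const Posts = makeCollection();

// Row-level rule: a logged-in user may only write documents they own.
// Real Meteor signatures: insert(userId, doc), remove(userId, doc),
// update(userId, doc, fieldNames, modifier).
const ownsDoc = (userId, doc) => Boolean(userId) && doc.owner === userId;
Posts.allow({ insert: ownsDoc, update: ownsDoc, remove: ownsDoc });

// Deny overrides allow: nobody may reassign ownership, even of their own doc.
Posts.deny({
  update: (userId, doc, fieldNames) => fieldNames.includes('owner'),
});

// Constructed sample document.
const alicePost = { _id: 'p1', owner: 'alice', title: 'hello' };

function demo() {
  const setTitle = { $set: { title: 'edited' } };
  const setOwner = { $set: { owner: 'bob' } };
  return {
    ownerEditsTitle: Posts.canWrite('update', 'alice', alicePost, ['title'], setTitle),
    ownerReassigns: Posts.canWrite('update', 'alice', alicePost, ['owner'], setOwner),
    strangerEdits: Posts.canWrite('update', 'bob', alicePost, ['title'], setTitle),
    strangerRemoves: Posts.canWrite('remove', 'bob', alicePost),
    anonInserts: Posts.canWrite('insert', null, { owner: 'alice' }),
    forgedOwnerInsert: Posts.canWrite('insert', 'bob', { owner: 'alice' }),
  };
}

console.log(demo());
```

<p>In a real Meteor app the same <code>allow</code>/<code>deny</code> objects are registered on the server; they gate only writes that arrive from the client.</p>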
 
