    <p>I'm pretty sure it's not possible to selectively load scripts within a Meteor app at this time. The one exception is that you can protect any sensitive code by putting it in the <code>/server</code> directory (which does not get sent to the client) and lock down data as @Patrick Coffey suggested (also making use of Meteor <code>method</code>s). If you do this, you don't have to reveal your full model schema, authentication rules, or sensitive algorithms to the client, and you can tightly control which records and even fields of records are visible to the client. It works well, and you can choose the level of convenience/performance vs. security you want by how open-ended you make your API.</p> <p>If your templates and helpers are sensitive, you'll have to wait until server-side rendering is introduced (<a href="https://trello.com/c/Lz07fBAm/7-server-side-rendering" rel="nofollow">it's on the roadmap</a>) or cook up your own solution without Meteor's help, but I think there may be a reason to look a little deeper at the question. The premise of your concern appears to be that authenticated users will somehow be more trustworthy than non-authenticated users, but in most situations (even inside a company), there is a likelihood of there being users that are also untrustworthy – or users whose accounts get hacked – and these people will always have access to anything you send to the browser. So from that perspective, it makes sense to be sure you don't put important secrets in templates or client-side code regardless. For most apps, though, templates and helpers will not be sensitive, and if you set up your server well, hacked templates won't be able to access anything that normal templates can't.</p>