meteor - How do you secure the client side MongoDB API?

Question

Welcome To Ask or Share your Answers For Others

meteor - How do you secure the client side MongoDB API?

1 Reply

深蓝 · Answer 1 · 2021-10-23T18:29:24+0000

While there is no documented way to do this yet, here's some code that should do what you want:

Foo = new Meteor.Collection("foo");
...
if (Meteor.is_server) {
   Meteor.startup(function () {
       Meteor.default_server.method_handlers['/foo/insert'] = function () {};
       Meteor.default_server.method_handlers['/foo/update'] = function () {};
       Meteor.default_server.method_handlers['/foo/remove'] = function () {};
   });
}

This will disable the default insert/update/remove methods. Clients can try to insert into the database, but the server will do nothing, and the client will notice and remove the locally created item when the server responds.

insert/update/remove will still work on the server. You'll need to make methods with Meteor.methods that run on the server to accomplish any database writes.

All of this will change when the authentication branch lands. Once that happens, you'll be able to provide validators to inspect and authorize database writes on the server. Here's a little more detail: http://news.ycombinator.com/item?id=3825063

Categories

meteor - How do you secure the client side MongoDB API?

meteor - How do you secure the client side MongoDB API?

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags