What security mechanisms does Meteor have?

mongodb security meteor
Olivier Refalo picture Olivier Refalo · Apr 11, 2012 · Viewed 11.2k times · Source

We all know that Meteor offers the miniMongo driver which seamlessly allows the client to access the persistent layer (MongoDB).

If any client can access the persistent API how does one secure his application?

What are the security mechanisms that Meteor provides and in what context should they be used?

Answer

Murali Ramakrishnan picture Murali Ramakrishnan · Oct 19, 2012

When you create a app using meteor command, by default the app includes the following packages:

  • AUTOPUBLISH
  • INSECURE

Together, these mimic the effect of each client having full read/write access to the server's database. These are useful prototyping tools (development purposes only), but typically not appropriate for production applications. When you're ready for production release, just remove these packages.

To add more, Meteor supports Facebook / Twitter / and Much More packages to handle authentication, and the coolest is the Accounts-UI package

Related questions

What MongoDB user privileges do I need to add a user to a new/another mongo database?

I have enabled authentication in the MongoDB config file after adding one admin user with the following privileges: userAdmin and userAdminAnyDatabase. Now I connect with this user to the db where this admin user is defined (otherwise I get exception: …

Read More
Problem with access to Mongodb on Amazon EC2

i've got another question for you. I have Amazon EC2 instance with mondodb installed. It works great except one thing - i can't access (connect to) it from outside (my PC). I think the problem with Security Groups. It's some …

Read More
How to query MongoDB with "like"?

I want to query something with SQL's like query: SELECT * FROM users WHERE name LIKE '%m%' How to do I achieve the same in MongoDB? I can't find an operator for like in the documentation.

Read More