Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So, as I write Node.js and Socket.io based applications, lots of my code(on the server at least) focuses almost completely on protecting myself from bad data/malicious users. I know it works this way for almost any application, but how does Meteor handle this? I saw in the screencast someone opening their chrome console and touching the database directly. This seems like an absolute nightmare to protect! Currently, I only need to protect the individual web address that gets, puts, posts, etc. It's a single query with clear attack vectors that can be guarded against. How in the world do you protect a server and data using this framework?


My first reaction when I saw him opening the chrome console was the same, its going to be a nightmare to build and maintain secure apps with this thing.


I guess the theoretical plus side, security-wise, of pushing everything through one abstraction is the potential for simplifying security. Non-layered approaches like Meteor make me a bit queasy, though. Will be interesting when its auth mechanism undergoes community security review.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: