meteor-ios

Allow Deny required for security

Open zleman1593 opened this issue 9 years ago • 3 comments

When not using custom method calls, does Meteor iOS rely on the developer using Meteor's Allow Deny functions for secure insert, update, and remove functions when using Meteor iOS with CoreData? I intend to have a web client too, but hoped to avoid the security issues with allow-deny by just using custom methods.

zleman1593, Jun 25 '15 20:06

It's better to use allow/deny if you can. That's what it is there for. Use methods if you need to do more than just insert/update/remove.

hell000, Jun 25 '15 22:06

Allow and deny are very likely to create security holes. Fixing such holes can take many lines of code. See the Discover Meteor blog for details.

zleman1593, Jun 26 '15 01:06

Is the ongoworks:security package enough to handle that? (I’ve only just started playing with it).

Kevin N.

CaptainN, Jun 26 '15 04:06
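An illustration of the concern raised in this thread about allow rules, added here as an example and not code from the thread or from meteor-ios: an ownership-only `update` rule compared with one that also restricts fields, operators and value types. It runs in plain Node.js without Meteor; the rule functions take the arguments Meteor passes to allow/deny `update` callbacks (`userId, doc, fieldNames, modifier`), while the schema, document, user names and requests are constructed for the example.

```javascript
// Added example. Plain Node.js, no Meteor runtime; all data below is constructed.

// Rule as it is often first written: "owners may update their own documents".
function naiveUpdateRule(userId, doc, fieldNames, modifier) {
  return Boolean(userId) && doc.ownerId === userId;
}

// Hypothetical schema: the only fields a client may change, with expected types.
const EDITABLE = new Map([['title', 'string'], ['done', 'boolean']]);

// Stricter rule: same ownership check, plus a field whitelist, $set only,
// and primitive values of the expected type.
function strictUpdateRule(userId, doc, fieldNames, modifier) {
  if (!userId || doc.ownerId !== userId) return false;
  if (!fieldNames.every((f) => EDITABLE.has(f))) return false;
  const ops = Object.keys(modifier);
  if (ops.length !== 1 || ops[0] !== '$set') return false;
  return Object.entries(modifier.$set).every(
    ([key, value]) => typeof value === EDITABLE.get(key)
  );
}

// Constructed stored document and constructed client update requests.
const doc = { _id: 't1', ownerId: 'alice', title: 'Buy milk', done: false };
const requests = [
  { name: 'edit title', fieldNames: ['title'], modifier: { $set: { title: 'Buy oat milk' } } },
  { name: 'reassign owner', fieldNames: ['ownerId'], modifier: { $set: { ownerId: 'bob' } } },
  { name: 'add unvetted field', fieldNames: ['isAdmin'], modifier: { $set: { isAdmin: true } } },
  { name: 'wrong value type', fieldNames: ['title'], modifier: { $set: { title: { nested: 1 } } } },
  { name: 'unset field', fieldNames: ['title'], modifier: { $unset: { title: '' } } },
];

// Names of the requests a rule would let through for the given user.
function evaluate(rule, userId) {
  return requests
    .filter((r) => rule(userId, doc, r.fieldNames, r.modifier))
    .map((r) => r.name);
}

console.log('naive :', evaluate(naiveUpdateRule, 'alice'));
console.log('strict:', evaluate(strictUpdateRule, 'alice'));
```

Each extra check in the stricter rule corresponds to a request the ownership-only rule accepts, which is why such rules tend to grow; a custom method that validates its arguments on the server has to perform the same checks.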