I’m an admitted newb with Meteor. I have done a bit of research about security with my app. I am aware of some basic ways to make my app more secure. But my question is…how concerned do I need to be about security for an app that will be for private business use? It will be running online, but you need to log in to use it and only an Admin account can even create users. I’ve set up some allow and deny rules for inserting, updating, and deleting users. But is that enough until later when my project grows (I was planning on revisiting security when the app grows into an online store)?
edit: I would like to add that I’ve set up almost all of my inserts client side, which I just learned you shouldn’t do. Should I be particularly concerned about this?