Lazy loading based on authorization


#1

Hello!

I’m new to Meteor and really amazed at how fast you can develop software with it!
And now I’ve reached a point where I really can’t find a solution.
What I want to do is separate my app into, let’s say, 3 different parts based on the user authorization. So let’s say there is a public, a user, and an admin part.
The default Meteor behaviour would be to send all the templates, js, css, etc. to everyone. Maybe I’m a little bit paranoid, but this seems to me like a big security flaw, because I don’t want, for example, every visitor or default user to be able to see what the admin can do.
So my question is whether it is possible to send the templates, js, etc. files in a lazy-loading manner based on the authentication/authorization, so that everyone only gets the files they really need.

Thanks in advance!


#2
  1. Security based on the fact that the attacker doesn't know method names etc. is really not a very good approach
  2. Make a separate Meteor instance for admin and block access to it somehow (because, you know, before logging in there, you have already sent all app files anyway)
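
Item 1 above, shown as an added example that is not part of the original post and not Meteor's own code: the privileged method's name is fully known to the caller, and the server-side role check is what stops the call. The registry is a plain JavaScript stand-in that only mirrors the shape of a Meteor method handler reading `this.userId`; `defineMethods`, `requireRole`, `callAs`, `attempt` and the `users` data are hypothetical names and constructed sample values.

```javascript
// Stand-in for a Meteor-style server method registry (hypothetical helper,
// not Meteor's implementation). Handlers read `this.userId`.
const methods = {};
function defineMethods(defs) { Object.assign(methods, defs); }
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed sample data: the server-side source of truth for roles.
const users = {
  u1: { name: "alice", roles: ["admin"] },
  u2: { name: "bob", roles: ["user"] },
};

class AuthError extends Error {
  constructor(code, reason) { super(reason); this.code = code; }
}

// Central check that every privileged method calls first.
function requireRole(userId, role) {
  if (!userId) throw new AuthError(401, "not logged in");
  const user = has(users, userId) ? users[userId] : null;
  if (!user || !user.roles.includes(role)) throw new AuthError(403, "forbidden");
  return user;
}

defineMethods({
  "admin.deleteUser"(targetId) {
    requireRole(this.userId, "admin"); // enforced on the server, on every call
    if (typeof targetId !== "string" || !has(users, targetId)) {
      throw new AuthError(404, "no such user");
    }
    delete users[targetId];
    return true;
  },
});

// A call arriving from any client: the caller picks `name` and `args`,
// but `userId` comes from the server-side session, never from the caller.
function callAs(userId, name, ...args) {
  if (!has(methods, name)) throw new AuthError(404, "unknown method");
  return methods[name].apply({ userId }, args);
}

// Returns { ok } on success or { error: code } on rejection.
function attempt(userId, name, ...args) {
  try { return { ok: callAs(userId, name, ...args) }; }
  catch (e) { return { error: e.code }; }
}
```
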

#3

You can use https://github.com/numtel/meteor-lazy-bundles/


#4

Thanks for your answer!
1 - Of course, this is totally clear - but this approach makes the bad guys’ life at least a little bit more difficult. :wink:
2 - This “somehow” is in my opinion the question here.


#5

Thank you! From a quick look this seems like a solution for my question!