Thanks for your answers! A bit more of explanation on my side could have been of help: I’m trying to build something like an extranet to test Meteor. So you can see why I ran into these security issues.
I already defined the schema on the server, and apply all the validation there, but my concern is with all the rest of the code. I thought about implementing server-side rendering, but saw that too hacky. But i’ll certainly be looking into numtel:lazy-bundles, looks good at a first glance.
I already saw the feature request on Trello, but MDG stated clearly they wouldn’t be implementing this, as it would challenge Meteor’s core. And that is totally acceptable.
at M4v3R (can only mention two users )
Same answer as the one made to @nlammertyn. Also, I will never trust the user, never They can do all of nasty things with knowledge. “Give somebody an inch and they’ll take a mile”
Thanks for all your answers again. After considering a bit, I think I will try to secure the access directly on the webserver (in this case nginx): proxying, tokens, don’t really know right now. If that fails, I will have a closer look at numtel:lazy-bundles as suggested by @nlammertyn.