Hey all,
quick question that I’ve been going over in my mind for a bit, but wanted to get some other opinions.
Let’s say we have a collection, Settings, and that all of our allow/deny rules are set up to prevent client-side manipulation of the collection. Also, we don’t have any server-side methods that provide access to the collection.
Are there other touch points within the app that could/should be locked down or looked at? The theory is that the collection provides the reactivity and cursor functions of a collection, but that it is read-only, meaning that really the only way to edit the values in the collection is through a Mongo interface.
Just something I’ve been mulling over and wanted to hear some other opinions from those with a more in-depth understanding of how Meteor works…