Security: ReactiveCountdown



I have ReactiveCountdown function on server. On tick is running server calculation function and update my collection objects.

I need to denny updates on client, but i need to allow update to server side!

Client is not loggin.

How I can do it? thanks


Make sure you meteor remove autopublish insecure.

Then, if you ensure your code is only on the server* (no client or shared js), then it cannot be accessed on the client.

* Put code in the server/ folder. If you are using import, put code in the imports/server/ folder.

EDIT: forgot to add insecure to the remove list.


ok,but client can open browser console and run coommand to update collection object! I can`t denny permition to update because i need to update on server side!


Not if it’s not available on the client.


meteor remove insecure
(…) after removing this package (…) all client-side database permissions have been revoked