
How do you secure the client side MongoDB API?

Tags:

meteor

I don't want just all of my users being able to insert/destroy data.

asked Apr 11 '12 22:04

TK421




1 Answer

While there is no documented way to do this yet, here's some code that should do what you want:

    Foo = new Meteor.Collection("foo");
    // ...
    if (Meteor.is_server) {
        Meteor.startup(function () {
            // Replace the default client-callable write handlers with no-ops.
            Meteor.default_server.method_handlers['/foo/insert'] = function () {};
            Meteor.default_server.method_handlers['/foo/update'] = function () {};
            Meteor.default_server.method_handlers['/foo/remove'] = function () {};
        });
    }

This will disable the default insert/update/remove methods. Clients can try to insert into the database, but the server will do nothing, and the client will notice and remove the locally created item when the server responds.

insert/update/remove will still work on the server. You'll need to make methods with Meteor.methods that run on the server to accomplish any database writes.

All of this will change when the authentication branch lands. Once that happens, you'll be able to provide validators to inspect and authorize database writes on the server. Here's a little more detail: http://news.ycombinator.com/item?id=3825063

answered Nov 01 '22 14:11

n1mmy
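A sketch of the server-side write method the answer calls for, added here as an example and not part of the original answer: the default `/foo/*` handlers are no-ops and one method copies only allowlisted string fields into the collection. The `Meteor` and `Foo` objects are minimal stand-ins so it runs under plain Node, and `addFoo`, `ALLOWED_FIELDS`, `MAX_LEN` and `clientCall` are hypothetical names.

```javascript
// Stand-ins (assumption): in a real app Meteor.methods and the collection
// come from the framework; these let the sketch run under plain Node.
const handlers = {};
const Meteor = { methods: (defs) => Object.assign(handlers, defs) };
const rows = [];                                  // stand-in for the "foo" collection
const Foo = { insert: (doc) => { rows.push(doc); return rows.length; } };

// Default client-callable write endpoints, disabled as in the answer.
for (const op of ["insert", "update", "remove"]) {
  handlers["/foo/" + op] = function () {};
}

const ALLOWED_FIELDS = ["title", "body"];         // hypothetical schema
const MAX_LEN = 500;                              // hypothetical size limit

Meteor.methods({
  // The only write path exposed to clients. No update or remove method is
  // defined, so clients cannot change or destroy existing documents.
  addFoo: function (doc) {
    if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
      throw new Error("bad-document");
    }
    const clean = {};
    for (const key of ALLOWED_FIELDS) {
      const value = doc[key];
      // Strings only: rejects nested objects such as {$gt: ""} and
      // oversized payloads before they reach the database.
      if (typeof value !== "string" || value.length === 0 || value.length > MAX_LEN) {
        throw new Error("bad-field:" + key);
      }
      clean[key] = value;
    }
    clean.createdAt = Date.now();                 // set by the server, never by the client
    return Foo.insert(clean);                     // extra client fields were never copied
  }
});

// Simulates a client call arriving at the server.
function clientCall(name, ...args) {
  // Own-property check so names like "constructor" do not resolve to
  // inherited Object.prototype members.
  if (!Object.prototype.hasOwnProperty.call(handlers, name)) {
    throw new Error("no-such-method");
  }
  return handlers[name](...args);
}
```

Validation of this kind limits what a write can contain, not who may perform it; deciding who may write needs an identity the server can trust.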