As a newbie to Meteor, I found that a lack of security is one of the first impressions people usually have, due to Meteor's historic debut, and that Meteor has taken measures to address the concern. Therefore I pay more attention to this subject as I am learning it. When following the to-do list tutorial, I noticed, to my surprise, that the if (Meteor.isServer) {} block is visible in the browser. The tutorial dedicated 2 steps out of 12 to moving client-side code to the server side to make it secure. But if server-side code is also visible in the browser, doesn't that defeat the whole purpose? How could Meteor be a secure platform in that regard?
The tutorial is using this simple technique to start things quickly, but hopefully there is a built-in way to prevent server code being sent to the browser.
Any code that you put in the server directory won't be shipped to the client.
Likewise, source code living under the client directory only lives in the browser environment.
This is detailed in the docs section on "Structuring your app":
http://docs.meteor.com/#/full/structuringyourapp
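The following check is an added example, not part of the original question or answer and not Meteor's own code. It applies the directory rule from the answer to a constructed file listing and reports every Meteor.isServer block that sits in a file the browser would still receive. The helper names (target, findExposedServerBlocks) and the sample project are hypothetical, and it assumes a directory named server or client at any depth of the path counts.

```javascript
// Added example: find Meteor.isServer blocks in files that are shipped to the browser.
// Assumption: a directory named "server" anywhere in the path keeps a file off the
// client, and a directory named "client" keeps it off the server.

// Constructed sample project (path -> file contents), modelled on the to-do tutorial.
const sampleProject = {
  'simple-todos.js': [
    'Tasks = new Mongo.Collection("tasks");',
    'if (Meteor.isServer) {',
    '  Meteor.publish("tasks", function () { return Tasks.find(); });',
    '}',
  ].join('\n'),
  'client/ui.js': 'Template.body.helpers({});',
  'server/publish.js': 'Meteor.publish("tasks", function () { return Tasks.find(); });',
  'lib/server/secrets.js': 'if (Meteor.isServer) { /* never shipped to the client */ }',
};

// Classify where a file is loaded, based only on its directory names.
function target(path) {
  const dirs = path.split('/').slice(0, -1);
  if (dirs.includes('server')) return 'server-only';
  if (dirs.includes('client')) return 'client-only';
  return 'both';
}

// Report each line that guards code with Meteor.isServer in a file the browser receives.
// The guard stops the code from running in the browser; it does not hide the source.
function findExposedServerBlocks(project) {
  const findings = [];
  for (const [path, source] of Object.entries(project)) {
    const where = target(path);
    if (where === 'server-only') continue; // source never leaves the server
    source.split('\n').forEach((line, i) => {
      if (/\bMeteor\.isServer\b/.test(line)) {
        findings.push({ path, line: i + 1, target: where });
      }
    });
  }
  return findings;
}

for (const f of findExposedServerBlocks(sampleProject)) {
  console.log(`${f.path}:${f.line} server block in a file loaded on: ${f.target}`);
}
```

Each finding is a candidate for moving into a file under the server directory.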