How do you apply the security principles for routing?
That has to be done client side. Does it mean there is no secure way to restrict some routes to specific users? I know about filters in Meteor.Router, but those are defined on the client side.
This is a question asked in this comment by curious2learn.
Unfortunately, you're right, currently there's no secure way to restrict routes to specific users.
In the current version of Meteor, the whole client code is sent to all users at once. It means that all the views and templates are there, and an inclined user will find a way to display them.
This of course does not mean that you shouldn't secure them so that an unprivileged user doesn't enter them by accident; you can do this easily by router filters or by packing the whole template in a conditional. This just means that you shouldn't trust who sees the template, so you shouldn't put hardcoded sensitive data in one. Again, never trust the client, even your own code (it can be tampered with).
The only thing you can control is the data that will be fetched and displayed in said template.
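The point above, as an added example that is not part of the original answer and is not Meteor's own code: the client-side route filter only picks a template, while a server-side check keyed on the session's user id decides which documents are sent. The collections, field names (`roles`, `adminOnly`) and function names are hypothetical, and the data is constructed.

```javascript
// Constructed sample data standing in for server-side collections.
const users = [
  { _id: "u1", roles: ["admin"] },
  { _id: "u2", roles: [] },
];
const reports = [
  { _id: "r1", title: "Q1 payroll", adminOnly: true },
  { _id: "r2", title: "Team lunch", adminOnly: false },
];

// Server side: decide which documents this connection may receive.
// In a Meteor app this logic would live inside a Meteor.publish handler
// and userId would be this.userId, which the server sets from the login
// session. It must never be taken from an argument the client sends.
function visibleReports(userId) {
  if (!userId) return [];                        // not logged in
  const user = users.find((u) => u._id === userId);
  if (!user) return [];                          // unknown id
  const isAdmin = user.roles.includes("admin");
  return reports.filter((r) => isAdmin || !r.adminOnly);
}

// Client side: a route filter. It runs in the browser, so its input
// (clientState) is whatever the browser says it is. Useful for UX,
// not a security boundary.
function clientRouteFilter(clientState) {
  return clientState.isAdmin ? "adminReports" : "accessDenied";
}

// What a page ends up showing: the template chosen by the client plus
// the documents the server agreed to send for the real session user.
function renderAdminPage(clientState, sessionUserId) {
  return {
    template: clientRouteFilter(clientState),
    titles: visibleReports(sessionUserId).map((r) => r.title),
  };
}

// A non-admin whose client state was altered still reaches the admin
// template, but the server sends only the documents u2 is allowed to see.
const tampered = renderAdminPage({ isAdmin: true }, "u2");
console.log(tampered.template, tampered.titles);
```

The template is visible either way; what keeps the restricted report private is that the server never sends it to that session.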