javascript - Meteor methods on server -


when write meteor methods collections put them in shared directory can simulated on client fast speeds. secure? should put methods in server directory , if kind of methods?

this not way meteor supposed work general case. supposed implement of collection methods (update, insert, remove) client side only, , check updates rights server side.

if have collection posts, not make meteor.call('addnewpost', newpost). , posts.insert(...) in addnewpost meteor method server side. classic way rest api ; meteor :)

you go client side directly posts.insert(...). displayed client side right away , try update base server side.

then server side, have set extensive permissions :

posts.allow({      'insert': function(userid, doc) {         // check if user exists         // if has right insert         // if tries insert ok         // ...     },      'update': function(userid, docs, fields, modifier) {         // same, width fields, doc, user...     },      'remove': function(userid, docs) {         // same again     }  });

you can allow() or deny()on can on collection. may seem weird real basis of latency compensation. may hudge security breach if not know how set permission need be. if know how that, there absolutely not security issue.

(my advice deny specific elements want allow)

so :

  1. the user updates database client side client side method : mycollection.update()
  2. he sees results
  3. meteor magic send server
  4. the server check if allowed
  5. if yes, write in base , send other subscribers
  6. if not, send request revert change client side

Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more