What do you think of allow/deny collection methods return false as default? #22

Closed
gabrielhpugliese opened this issue Apr 25, 2014 · 2 comments

@gabrielhpugliese

People can forget to change them.
And I think scaffolding only the allow method is sufficient. I usually add deny methods in very specific parts of my project.

@lirbank
Contributor

lirbank commented Nov 24, 2014

Just realized the default allow/deny rules allow anyone full write access to the DB. I totally assumed it was the opposite. Having these rules is like adding the "insecure" package twice...

I vote for changing this. It should be locked down by default and then the developer can gradually open up access as needed.

My take is, while Meteor's 'insecure' package is for playing around and getting an app up and running quickly, I think by the time a developer starts to use/need EM they are probably already writing production code. And thus the first thing you do is to remove insecure and autopublish. My 2 cents.
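
An added example, not part of the thread and not the project's scaffold code: a stand-alone JavaScript model of Meteor's documented allow/deny evaluation (a client write passes only if no deny callback returns true and at least one allow callback returns true), comparing stubs that return true with locked-down ones. The rule-set shapes and the names `canWrite`, `anonymousWrites`, `permissive`, `lockedDown` and `ownerOnly` are assumptions made for the illustration.

```javascript
// Added illustration; plain Node.js, no Meteor APIs are called.
// Models Meteor's documented rule: a client write succeeds only if no deny
// callback returns true AND at least one allow callback returns true.
const OPS = ['insert', 'update', 'remove'];

function canWrite(rules, op, userId, doc) {
  const denies = rules.deny.map((r) => r[op]).filter(Boolean);
  const allows = rules.allow.map((r) => r[op]).filter(Boolean);
  if (denies.some((fn) => fn(userId, doc))) return false;
  return allows.some((fn) => fn(userId, doc));
}

// Assumed shape of a permissive scaffold: allow stubs return true.
const permissive = {
  allow: [{ insert: () => true, update: () => true, remove: () => true }],
  deny: [{ insert: () => false, update: () => false, remove: () => false }],
};

// Locked-down default proposed in the thread: allow stubs return false.
const lockedDown = {
  allow: [{ insert: () => false, update: () => false, remove: () => false }],
  deny: [],
};

// Access opened up on purpose: only the logged-in owner may write.
// (Real Meteor update callbacks also receive fieldNames and modifier.)
const isOwner = (userId, doc) => Boolean(userId) && doc.owner === userId;
const ownerOnly = {
  allow: [{ insert: isOwner, update: isOwner, remove: isOwner }],
  deny: [],
};

// Operations an anonymous client (userId === null) could perform on a
// document owned by someone else. An empty list means locked down.
function anonymousWrites(rules) {
  const doc = { _id: 'd1', owner: 'alice' }; // constructed sample document
  return OPS.filter((op) => canWrite(rules, op, null, doc));
}

console.log('permissive :', anonymousWrites(permissive));
console.log('locked down:', anonymousWrites(lockedDown));
console.log('owner only :', anonymousWrites(ownerOnly));
```

A check like `anonymousWrites` can run in a project's test suite so that a forgotten stub shows up as a failing test rather than as an open collection.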

@gabrielhpugliese
Author

👏
