TheProofIsTrivium
Reputation: 808
Meteor JS - Collections (mongodb) can be changed by any visitor (Not secure)
I am using the Meteor JS node framework for a project I am working on.
I noticed that anyone visiting my website can simply enter a similar command into the javascript console in their browser and edit my database.
MyCollection.insert({name: 'I am a hacker', message: 'hahaha'});
Is there any way to stop users from being able to do this?
This is really not secure, all they need to do is find the name of the Collection and they can do anything they want.
How can I fix this problem?
Should I use a different framework, is Meteor JS not ideal for a large-scale project?
Thanks,
Jonathan.
Upvotes: 2
Views: 515
Answers (1)
jesse keane
Reputation: 76
You would do best to read their docs, specifically http://docs.meteor.com/#dataandsecurity
Upvotes: 6
Related Questions
- MeteorJS App Security
- How to deny collection insert/update in the server side
- Can unauthorized people read the database from the client side in meteorjs?
- How secure are Meteor client side DB requests?
- How to secure data in Mongo DB of Meteor App
- How secure are client-side collections in Meteor?
- Protecting data on the client
- Meteorjs models/collections are accessible on client side. Security issue?
- How do you secure the client side MongoDB API?
- How tamper proof and secure is the client side Meteor.users collection?