Reputation: 9416
The "derby" way of user authentication?
I know there are some packages like derby-auth, every-auth etc., that were written by the community/derby developers.
After a research I noticed that almost all the answers about the authentication mechanics in derby are pretty much a year old. Were there any changes? Is there a "derby" way to manage a simple username/password user authentication?
The official derby documentation says:
Access control A basic access control mechanism is implemented, but it isn’t documented quite yet. An example is coming soon.
You can mix up your own authentication service, but the key point wold be - is there a way to properly secure you collections to prevent client side intrusion?
EDIT: I can't find anywhere an example of a simple login and data lock! Is there a way to lock down collections and restrict some of the CRUD methods, like in MeteorJs? Right now, even with the derby-auth package, I am fully capable of mutating the model data trough the browser console, without being logged in.
Such a great framework, but this leak of documentation destroys it all..
Upvotes: 1
Views: 231
Answers (1)
Reputation: 447
AFAIK that is still work in progress: derby is still far from being production ready.
I'm working on a package called derby-passport, which is basically a fork of derby-auth, and I don't think any of these packages is actually an answer to you question. Not yet.
Upvotes: 1
Related Questions
- Can a client-side login be safe?
- What's the best way to create and authenticate users in Javascript?
- Derby.js (Racer) access control
- DerbyJS and Authentication
- creating user login in derby js
- Simulate User session with javascript
- safe user authentification without javascript
- Automatic authentication using Javascript?
- Authentication for in-browser client-side APIs?
- How to create server-side application logic on Racer / DerbyJS?