user5030225
Reputation:
Meteor: How do I prevent people from using commands from console
I want to prevent people from doing commands like Meteor.user(), (dbname).find().fetch(), etc
I have removed the insecure & autopublish package
But you can still do the commands like Meteor.user(), and you can still see all the items you have access to in a db.
My Question: is there any way to prevent the users from running said commands?
Upvotes: 1
Views: 132
Answers (1)
FloatingCoder
Reputation: 1724
No, this is an issue with web development in general, everything on the client system, the client has access too. If you are insuring they only have access to the data they should, and that all operations on the data are checked on the server side for security, there is nothing bad they can do from the console, so it doesn't matter.
Upvotes: 2
Related Questions
- Disable Meteor.user() details on browser console
- How to prevent invoking 'Meteor.call' from JavaScript Console?
- Prevent Meteor calls from being looped in the console
- Meteor prevent methods from being called from console
- Prevent client from calling server-side methods
- Meteor: How to prevent client from accessing methods
- Meteor JS simulate server command line on client html
- Allow to run Meteor server-methods only when user is logged in
- protecting client from javascript console
- Meteor: execute calls from client console "everywere"