martijnwalraven / meteor-ios

Meteor iOS integrates native iOS apps with the Meteor platform (http://www.meteor.com) through DDP
MIT License

Allow Deny required for security #40

Open zleman1593 opened 9 years ago

zleman1593 commented 9 years ago

When not using custom method calls, does Meteor iOS rely on the developer using Meteor's Allow Deny functions for secure insert, update, and remove functions when using Meteor iOS with CoreData? I intend to have a web client too, but hoped to avoid the security issues with allow-deny by just using custom methods.

hell000 commented 9 years ago

It's better to use allow/deny if you can. That's what it is there for. Use methods if you need to do more than just insert/update/remove.

zleman1593 commented 9 years ago

Allow and deny are very likely to create security holes. Fixing such holes can take many lines of code. See the Discover Meteor blog for details.
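
An added example, not part of the thread and not code from Meteor iOS: it shows why an `update` allow rule that only checks ownership is a hole, and how many checks a tightened rule needs. The functions use the argument order Meteor passes to `allow({ update })` callbacks; the document shape, the field whitelist and the sample updates are constructed for illustration.

```javascript
// Constructed example: plain functions with the signature Meteor passes to
// collection.allow({ update }) callbacks: (userId, doc, fieldNames, modifier).
// No Meteor runtime is needed to evaluate them.

// Weak rule: checks ownership only, so the owner may change ANY field.
function weakUpdateRule(userId, doc, fieldNames, modifier) {
  return Boolean(userId) && doc.ownerId === userId;
}

// Hardened rule: ownership plus a field whitelist, an operator whitelist,
// and a type/length check on the value being written.
const EDITABLE_FIELDS = ['title'];   // hypothetical schema
const ALLOWED_OPERATORS = ['$set'];  // hypothetical policy

function strictUpdateRule(userId, doc, fieldNames, modifier) {
  if (!userId || doc.ownerId !== userId) return false;
  if (!fieldNames.every((f) => EDITABLE_FIELDS.includes(f))) return false;
  const operators = Object.keys(modifier);
  if (!operators.every((op) => ALLOWED_OPERATORS.includes(op))) return false;
  const title = modifier.$set && modifier.$set.title;
  return typeof title === 'string' && title.length > 0 && title.length <= 200;
}

// Constructed document and client-supplied updates.
const doc = { _id: 'd1', ownerId: 'alice', title: 'Notes', approved: false };
const updates = [
  { name: 'rename', fieldNames: ['title'], modifier: { $set: { title: 'New' } } },
  { name: 'reassign owner', fieldNames: ['ownerId'], modifier: { $set: { ownerId: 'bob' } } },
  { name: 'self-approve', fieldNames: ['approved'], modifier: { $set: { approved: true } } },
  { name: 'non-string title', fieldNames: ['title'], modifier: { $set: { title: { a: 1 } } } },
  { name: 'unset title', fieldNames: ['title'], modifier: { $unset: { title: '' } } },
];

// Returns the names of the updates a rule would let through for user 'alice'.
function evaluate(rule) {
  return updates
    .filter((u) => rule('alice', doc, u.fieldNames, u.modifier))
    .map((u) => u.name);
}

console.log('weak rule accepts:  ', evaluate(weakUpdateRule));
console.log('strict rule accepts:', evaluate(strictUpdateRule));
```

A server-side method that builds the modifier itself avoids having to enumerate these cases, since the client never supplies field names or operators.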

CaptainN commented 9 years ago

Is the ongoworks:security package enough to handle that? (I’ve only just started playing with it).

Kevin N.