Overall very interesting and looks promising. Like many on here already stated, how they address security will be interesting. Talking directly to the DB (as shown in the screencast) opens the door to a lot of concern. In a client->server->db model at least you have the server abstracting access to the db. yes it can also be hacked but at least you made it a little bit more difficult and can easily apply access rules rather than try to do it directly on the db side.
My main concern is that this makes it very easy for people with little understanding of the underlying systems to build somewhat comprehensive applications. It's too easy to make mistakes and assumptions that will bite them and their users later on. If someone sees that screencast, copy a simple example and build a small eCommerce site. They could potentially put their users and personal data in serious risk. It's not to say that the Meteor guys can't fix this, it just means they need to pay very close attention to it early on rather than wait or it will be a big problem and jeopardize the project. Besides these concerns, I love what they did. The hot code push is awesome and simple, the API is simple and easy to use. Really did a good job. Just please pay attention to security. Roy On Wednesday, April 11, 2012 3:16:28 AM UTC-4, Nikolay Yasinskiy wrote: > > meteor.com/screencast > meteor.com/examples -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
