Getting access directly to database in my opinion is not a feature but a serious flaw. So many easy exploits doable like that.
I have also concerns about accessibility and SEO. Naouak, Grade 2 de Kobal. Site web: http://www.naouak.net On Wed, Apr 11, 2012 at 19:24, rhasson <[email protected]> wrote: > Overall very interesting and looks promising. Like many on here already > stated, how they address security will be interesting. Talking directly to > the DB (as shown in the screencast) opens the door to a lot of concern. In > a client->server->db model at least you have the server abstracting access > to the db. yes it can also be hacked but at least you made it a little bit > more difficult and can easily apply access rules rather than try to do it > directly on the db side. > > My main concern is that this makes it very easy for people with little > understanding of the underlying systems to build somewhat comprehensive > applications. It's too easy to make mistakes and assumptions that will > bite them and their users later on. If someone sees that screencast, copy > a simple example and build a small eCommerce site. They could potentially > put their users and personal data in serious risk. > > It's not to say that the Meteor guys can't fix this, it just means they > need to pay very close attention to it early on rather than wait or it will > be a big problem and jeopardize the project. > > Besides these concerns, I love what they did. The hot code push is > awesome and simple, the API is simple and easy to use. Really did a good > job. Just please pay attention to security. > > Roy > > > On Wednesday, April 11, 2012 3:16:28 AM UTC-4, Nikolay Yasinskiy wrote: >> >> meteor.com/screencast >> meteor.com/examples > > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
