使用流星在服务器端访问客户端的数据库 [英] Accessing to DB at client side as in server side with meteor

问题描述

我在docs上阅读过此内容

I read this at the docs:

无处不在的数据库.使用相同的透明API访问您的 来自客户端或服务器的数据库.

Database Everywhere. Use the same transparent API to access your database from the client or the server.

这很好，但是我认为存在一些安全问题.提供了对客户端数据库的完全透明的访问权限，您会遇到恶意用户，这些用户会修改JS代码(实际上是在他的浏览器上，他可以做到)并添加任何可以检索/删除/更新数据的数据库操作，可能是明智的.

This is great, but I think there are some security issues. Providing full and transparent access to the database at client side you are exposed to bad users, which modify you JS code (it's really at his browser and he can do it) and add any database action that could retrieve/remove/update data that perhaps could be sensible.

请，如果我错了，请纠正我. 谢谢！

Please, correct me if I'm wrong. Thanks!

推荐答案

您是正确的.开发人员目前正在研究Auth和安全性问题.到目前为止，所有内容都是开放的，非常适合创建原型和测试应用程序，但是它们很容易受到用户随意检索/删除/更新数据的攻击.

You are correct. The developers are currently working on Auth and security concerns. As of now everything is open and great for creating prototypes and test apps however they are vulnerable to users retrieve/remove/update data as they like.

在此处查看开发人员对此问题的答复:链接

See the developer response to this question here: Link

这篇关于使用流星在服务器端访问客户端的数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！