Meteor 有哪些安全机制? [英] What security mechanisms does Meteor have?

问题描述

我们都知道 Meteor 提供了 miniMongo 驱动程序，可以无缝地允许客户端访问持久层 (MongoDB).

We all know that Meteor offers the miniMongo driver which seamlessly allows the client to access the persistent layer (MongoDB).

如果任何客户端都可以访问持久性 API，那么如何保护他的应用程序?

If any client can access the persistent API how does one secure his application?

Meteor 提供的安全机制是什么，应该在什么环境下使用?

What are the security mechanisms that Meteor provides and in what context should they be used?

推荐答案

当您使用meteor 命令创建应用程序时，默认情况下该应用程序包括以下包:

When you create a app using meteor command, by default the app includes the following packages:

• 自动发布
• 不安全

一起，这些模拟了每个客户端对服务器数据库具有完全读/写访问权限的效果.这些是有用的原型设计工具(仅用于开发目的)，但通常不适用于生产应用程序.当您准备好发布生产版本时，只需删除这些包即可.

Together, these mimic the effect of each client having full read/write access to the server's database. These are useful prototyping tools (development purposes only), but typically not appropriate for production applications. When you're ready for production release, just remove these packages.

为了添加更多内容，Meteor 支持 Facebook/Twitter/和更多 包来处理身份验证，最酷的是 Accounts-UI 包

To add more, Meteor supports Facebook / Twitter / and Much More packages to handle authentication, and the coolest is the Accounts-UI package

这篇关于Meteor 有哪些安全机制?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！