Securing data transactions with allow and deny
Properly configured, Meteor collections are quite secure. The granular control we have over what is allowed and what is not allowed enables us to secure our applications appropriately. In this recipe, you will learn how to use allow and deny to secure your collections and control access.
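How the two kinds of rule combine, as an added example that is not code from the book: a plain Node.js model of Meteor's evaluation order (deny rules run first, then at least one allow rule must pass), applied to documents that carry an owner field. The collection name Items, the rule bodies, the permitted helper and the sample documents are assumptions made for illustration.

```javascript
// Added example: plain Node.js model of Meteor's allow/deny evaluation.
// In a Meteor app these rule objects would be passed to
// Items.allow(allowRules) and Items.deny(denyRules) on the server;
// "Items" is a hypothetical collection name.

const allowRules = {
  // Only logged-in users may insert, and only documents they own.
  insert: (userId, doc) => Boolean(userId) && doc.owner === userId,
  // Only the owner may update or remove a document.
  update: (userId, doc) => Boolean(userId) && doc.owner === userId,
  remove: (userId, doc) => Boolean(userId) && doc.owner === userId,
};

const denyRules = {
  // Nobody, the owner included, may reassign ownership.
  update: (userId, doc, fieldNames) => fieldNames.includes('owner'),
};

// Meteor's order: every deny rule runs first and a single true vetoes
// the write; after that at least one allow rule must return true.
// An operation with no allow rule is rejected.
function permitted(op, userId, doc, fieldNames = []) {
  const denies = [denyRules[op]].filter(Boolean);
  const allows = [allowRules[op]].filter(Boolean);
  if (denies.some((rule) => rule(userId, doc, fieldNames))) return false;
  return allows.some((rule) => rule(userId, doc, fieldNames));
}

// Constructed sample document.
const doc = { _id: 'a1', owner: 'alice', text: 'hello' };

function demo() {
  return {
    anonymousInsert: permitted('insert', null, { text: 'x' }),
    spoofedOwnerInsert: permitted('insert', 'bob', { owner: 'alice' }),
    ownerInsert: permitted('insert', 'alice', { owner: 'alice' }),
    ownerUpdate: permitted('update', 'alice', doc, ['text']),
    otherUserUpdate: permitted('update', 'bob', doc, ['text']),
    ownerChangesOwner: permitted('update', 'alice', doc, ['owner']),
    otherUserRemove: permitted('remove', 'bob', doc),
  };
}

console.log(demo());
```

These rules only gate writes that originate from the client; code running on the server is trusted and bypasses them.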
Getting ready
Using the Basic safety – removing insecure recipe found in this chapter, we already have an application with both the autopublish and insecure packages removed. Once we add and configure the appropriate user accounts packages, we will be ready to proceed.
Using a copy of the Basic safety – removing insecure recipe as a baseline, open a terminal window, navigate to your project root, and execute the following commands:
$ meteor add accounts-ui
$ meteor add accounts-password
If your app isn't already running, make sure to start it using the meteor command.
We now need to add the loginButtons template, and modify our insert statement, to add an owner ...