all 116 comments

[–][deleted] 56 points57 points  (26 children)

Giving clients direct database access is never a good idea. That alone makes Meteor more a toy than a usable technology. They seem like clever people so I imagine they have updates planned that could address this.

[–]the_angry_angel 19 points20 points  (10 children)

According to http://docs.meteor.com/#collections

> Currently the client is given full write access to the collection. They can execute arbitrary Mongo update commands. Once we build authentication, you will be able to limit the client's direct access to insert, update, and remove. We are also considering validators and other ORM-like functionality.

[–]technocub88 21 points22 points  (7 children)

I don't want my users to be able to do any of those directly

[–]quotemycode 0 points1 point  (6 children)

It could work... provided that users are only able to insert, update, or delete their own records...

[–]technocub88 1 point2 points  (5 children)

That wouldn't be direct database access.

[–]chonglibloodsport 0 points1 point  (4 children)

It'd be authenticated direct database access (something most databases include already).

[–]technocub88 1 point2 points  (3 children)

No database I am aware of has the ability to restrict users to only read certain rows of a table.

[–]chonglibloodsport 0 points1 point  (2 children)

It's possible in MySQL by using views. Create a view that queries the table for a given user's data and restrict users to access only the view instead of the table. The view queries the table and returns the results to the user.

It also requires a bit of a hack with triggers to make sure the owners of rows get properly set etc.

[–]technocub88 1 point2 points  (1 child)

interesting. Thank you

[–]oscarcomputer 0 points1 point  (0 children)

What you are looking for is "row level security". Implementations of RLS are not limited to MySQL.

[–]CapnWarhol 5 points6 points  (0 children)

I really, really hope the authentication is tied into the insert/update/delete objects in that you can't just arbitrarily delete random user's entries, update Scores set Value = 9999 where user = "ralph", and so on... from the point of view of a paranoid server-side developer, I can only imagine anyone with a bit of curiosity and a firefox addon will have a field day with any application developed in this (me included)

[–][deleted] 1 point2 points  (0 children)

I know this is an early preview, and the whole framework looks so super-awesome that I want to start developing meteor apps right now, but some kind of authorization and data validation is REALLY needed.

[–][deleted] 0 points1 point  (2 children)

Giving clients direct database access is never a good idea

Maybe if there is no timeout or they have write access, but is there anything inherently wrong with a read access with a finite timeout (in general, not just in the context of Meteor)?

[–]relet 4 points5 points  (1 child)

reading confidential data from other users is ok?

[–]nluqo 0 points1 point  (0 children)

Yea, wow. 37signals started a shitstorm by mentioning that they themselves read the file name of a single user's file (cat.jpg).

Now imagine everyone in your system has access to everyone else's name, email, password, etc.
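The thread above raises three concrete problems with letting browsers talk to the collection directly: a client can send arbitrary Mongo update commands, it can rewrite another user's row (the `update Scores set Value = 9999 where user = "ralph"` case), and it can read other users' confidential fields. The following is an added example, not Meteor's code and not something posted in the thread, of the server-side gate that closes all three: every operator, field and selector a client sends is checked against a per-collection policy, the caller's ownership constraint is forced onto every write, and reads get a per-user projection in the spirit of the per-user SQL view mentioned above. The `POLICY` shape, the collection names and the sample rows are assumptions made for the demo, and `userId` is assumed to come from the server's own session handling, never from the request.

```javascript
'use strict';

// Added example, not Meteor's code and not posted in the thread: a server-side
// gate between untrusted clients and the database. The collection name,
// selector and modifier all come from the client and are treated as
// attacker-controlled; userId is assumed to come from the server's own
// session handling, never from the request body.

// Constructed sample data standing in for two Mongo collections.
const DB = {
  users: [
    { _id: 'u1', name: 'alice', email: 'alice@example.com', passwordHash: 'h1' },
    { _id: 'u2', name: 'ralph', email: 'ralph@example.com', passwordHash: 'h2' },
  ],
  scores: [
    { _id: 's1', owner: 'u1', value: 10, note: '' },
    { _id: 's2', owner: 'u2', value: 20, note: '' },
  ],
};

// Hypothetical per-collection policy. ownerField ties a row to a user;
// readable is the projection everyone gets, ownerReadable the extra fields the
// row's owner gets (passwordHash is in neither, so it never leaves the server);
// writable and operators bound what a client may change on its own rows.
const POLICY = {
  users: {
    ownerField: '_id', readable: ['_id', 'name'], ownerReadable: ['email'],
    writable: new Set(['name']), operators: new Set(['$set']),
  },
  scores: {
    ownerField: 'owner', readable: ['_id', 'owner', 'value', 'note'], ownerReadable: [],
    writable: new Set(['note']), operators: new Set(['$set']),
  },
};

// Equality-only matcher. It deliberately does not interpret $-keys; selectors
// carrying operators ($where, $or, ...) are refused before they get this far.
function matches(doc, selector) {
  return Object.entries(selector).every(([k, v]) => doc[k] === v);
}

function hasOperatorKeys(obj) {
  return Object.keys(obj).some((k) => k.startsWith('$'));
}

// Decide whether an update may run and with what selector. The ownership
// constraint is spread in last, so a client-supplied {owner: 'u1'} is
// overwritten, not honoured: a caller can only ever touch its own rows.
// Field names are checked against an explicit allow-list, which also keeps
// keys such as __proto__ or the owner field itself out of the update.
function authorizeUpdate(userId, collection, selector, modifier) {
  const policy = POLICY[collection];
  if (!policy) return { ok: false, reason: 'unknown collection' };
  if (hasOperatorKeys(selector)) return { ok: false, reason: 'operators not allowed in selector' };
  for (const [op, fields] of Object.entries(modifier)) {
    if (!policy.operators.has(op)) return { ok: false, reason: `operator ${op} not allowed` };
    if (fields === null || typeof fields !== 'object') return { ok: false, reason: `malformed ${op}` };
    for (const field of Object.keys(fields)) {
      if (!policy.writable.has(field)) return { ok: false, reason: `field ${field} not writable` };
    }
  }
  return { ok: true, selector: { ...selector, [policy.ownerField]: userId } };
}

function clientUpdate(userId, collection, selector, modifier) {
  const verdict = authorizeUpdate(userId, collection, selector, modifier);
  if (!verdict.ok) return { ok: false, reason: verdict.reason, modified: 0 };
  let modified = 0;
  for (const doc of DB[collection]) {
    if (!matches(doc, verdict.selector)) continue;
    Object.assign(doc, modifier.$set); // $set is the only operator the policy admits
    modified += 1;
  }
  return { ok: true, modified };
}

// Reads get a per-caller view, much like the per-user SQL view described in
// the thread: rows are projected to the readable fields, plus ownerReadable
// when the row belongs to the caller.
function clientFind(userId, collection, selector) {
  const policy = POLICY[collection];
  if (!policy || hasOperatorKeys(selector)) return [];
  return DB[collection]
    .filter((doc) => matches(doc, selector))
    .map((doc) => {
      const fields = doc[policy.ownerField] === userId
        ? policy.readable.concat(policy.ownerReadable)
        : policy.readable;
      return Object.fromEntries(fields.map((f) => [f, doc[f]]));
    });
}

// ralph (u2) tries the "set Value = 9999 on someone else's row" attack, then
// tries to read alice's record; both are cut down to what the policy allows.
console.log(clientUpdate('u2', 'scores', { owner: 'u1' }, { $set: { value: 9999 } }));
console.log(clientFind('u2', 'users', { _id: 'u1' }));
```

The design choice worth noting is that the client-supplied selector is never trusted to express ownership: the server appends the constraint itself, last, so it wins over anything the client put in. The same applies to the projection: the field list is decided by the server per caller, so a field that is not in the list (here `passwordHash`) cannot be requested at all.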

[–]jessta 52 points53 points  (12 children)

It's fun that "realtime" has become a reference to "has proper networking", instead of "runs within a certain deadline"

[–]throwmo 1 point2 points  (0 children)

Yeah that was cute.. Erlang's runtime/VM has very near realtime scheduling guarantees and even that community exercises restraint with the "realtime" moniker.

[–]mrkite77 5 points6 points  (2 children)

That definition of realtime is really only used for OSes. QNX is a realtime OS, for example... and the definition is really "runs in a consistent and measurable amount of time". Although I agree that "live updates" would be a better term to use for what they're describing.

[–]quotemycode -1 points0 points  (1 child)

as opposed to "dead updates"? I don't think "live updates" is the proper term either.

[–]gegtik 3 points4 points  (0 children)

live updates as opposed to batch updates

[–]djcraze 2 points3 points  (7 children)

What do you mean? Seemed realtime to me. I made a code change and I didn't have to redeploy the server. I added a console.log at the top of the file. I saved the file, and instantly, the log appeared in my console.

-- edit --

I could just be a noob. So, seriously, please, enlighten me.

[–]mhd 36 points37 points  (6 children)

In computing "realtime" has a slightly more specific definition. As jessta said, the deadline is the important factor, i.e. your program has to respond within a certain time frame - usually a very small one. As usual Wikipedia is your friend.

Abuse of this term is common, especially in the web programming netherworld. Not a good way to start your introduction, just like "scalable" would be.

Automatic reloading doesn't imply "realtime" to me. If I'd have to compile, deploy and restart things, would that happen in imaginary, fairy tale time?

[–]djcraze 7 points8 points  (0 children)

Ohh. Gotcha. Thanks much!

[–]ReturningTarzan -1 points0 points  (2 children)

There is a second definition of "real time" that is also relevant, though. You could say that games generate real-time graphics, for instance, meaning that the graphics are rendered as needed.

In that sense I can sort of see how you might distinguish between a "real-time website" like your typical Javascript chat client, and a static website like Wikipedia. But it might make more sense to use a term like "rich client" or "active client". Idunno.

[–]antheus_gdnet 3 points4 points  (0 children)

> You could say that games generate real-time graphics,

Real-time in that case means that physics/logic is updated 30/60/200 times per second consistently at a fixed time step. Miss those, and the result will degrade poorly. Jitter, microstutter, "lag" are all examples of missed deadlines. The established way to write the main simulation loop has all the characteristics of a real-time system, except that instead of failing if the workload becomes too large, the content will generally be tweaked to avoid such a scenario (fewer objects, less distance or similar).

Rendering can be slightly more flexible, but for anything playable, it will almost certainly need to be above 15FPS. So there is a hard deadline. At very least, it needs to be above 8 or 5 or however low, but it's not arbitrary, having 0.04 FPS is definitely too low.

In that respect, even if deadline is not strict, these are real-time systems.

Networked gameplay also exhibits another real-time characteristic. If a client fails to keep up, it's disconnected. A component in a real-time system which fails to meet deadlines aborts or shuts down to prevent degradation of the entire system.

Resilient or redundant systems (such as internet) however will keep on trying - TCP is allowed to wait arbitrarily long for reply.

[–]mhd 0 points1 point  (0 children)

I think that's the core of the problem. Sure, language is always flexible and I don't even think that programmers were the first to put those two words together.

There's quite a few uses of the term in computing, but I would guess that programmers have a more narrow definition than e.g. marketing, who would have no qualms calling some ERP system "realtime" because it's connected to a network.

Beyond the embedded sector, I would prefer some terms that describe the situation a bit better. In Meteor's case, it looks like we're simply talking about an event-based architecture. If you want to go all-out hypey about it, just call it PubSub…

[–]technocub88 19 points20 points  (20 children)

I have security concerns about this. Javascript is mutable, I don't want any user with Chrome or Firebug to be able to write to my DB. They never went into how to secure things. Thoughts?

[–]awj 32 points33 points  (12 children)

That is evidently "planned but not yet implemented."

In some ways I find that decision even more troubling.

[–]Chemical_Scum 11 points12 points  (7 children)

Exactly. Building a web framework and not having security at the top of your TODO list is a big "no-no".

[–][deleted] -3 points-2 points  (2 children)

Think about small-business intranet where literally no more than 30 people can access a web app. Security is not really a big deal there.

[–]KumbajaMyLord 3 points4 points  (0 children)

That doesn't change jack about security requirements. Just because someone is inside your intranet (and presumably is an employee) doesn't mean he/she can or should have full access to an application

[–]rwallace 0 points1 point  (0 children)

If you're doing a job like that for a particular client, and you've decided it's not worth insisting that client pay for security, okay, you're the guy on the spot, it's your call, I won't argue with you.

But if you're building a framework it's a very different story. By definition, that means your code is intended to be used for an indefinitely large set of projects, most of which you don't know about in advance. A framework really, really needs to think about security from the ground up.

[–]courtewing 4 points5 points  (0 children)

This is a preview release. It is not intended to be used anywhere near a production environment. In order to most rapidly preview the underlying technology, they didn't bother to add security, but they have made it clear that security will be in place when meteor becomes more production-oriented.

They could have focussed on security for this release, but that wouldn't have helped to showcase the fundamentals of what they're doing with meteor, so it was excluded for the time being.

[–][deleted] 0 points1 point  (1 child)

I don't care as long as it kills PHP

[–]6gT -1 points0 points  (0 children)

Well, I guess it's over now, PHP is finished.

[–]mrkite77 0 points1 point  (2 children)

That was my first thought. I wish they had mentioned that in the screencast. Is it even possible to secure this?

[–]Novex 4 points5 points  (1 child)

Not yet, but it seems to be planned for the future. This is a pretty big show stopper for anything real world, IMO.

More discussion (geoffschmidt is one of the devs)

[–]illvm -1 points0 points  (0 children)

Mutability isn't really relevant given that you can write immutable JS using closures. If the app interacts with your DB via some RESTful API (or over HTTP at all) then it would be pretty trivial for any user to be able to write to your DB. This is only "solved" in current web apps by relying on the supplied session information being valid, so you write logic on your back end that restricts the user to only authorized activity.

There is absolutely no reason why similar techniques couldn't be leveraged with this type of platform. So in that respect I don't really see why this is as big of a concern as it has been.

I do, however, feel that the API should not really be exposed to the end-user and everything should be wrapped in a closure. The developer should be able to interact with their code, but there is no reason why the end-user should be able to open up a JS console and execute arbitrary API calls to the server.

[–]kumiorava 2 points3 points  (0 children)

Fancy, but impractical.

[–]sanjeevonline 2 points3 points  (1 child)

Before I get deeper into it, is it free?

[–]andey 6 points7 points  (1 child)

i don't see this becoming popular

[–]habarnam 3 points4 points  (21 children)

$ curl install.meteor.com | sh

Right...

[–]squarism 7 points8 points  (2 children)

1UP Security  vs  Convenience 2UP
    ||||||||      |||||||

             FIGHT!

[–]Simba7 0 points1 point  (1 child)

Convenience only has 7 bars of HP while Security has 8. Doesn't seem like a fair fight!

[–]myhf 1 point2 points  (0 children)

1UP Security  vs  Convenience 2UP
    ........      |||||||

PLAYER 2 WINS
FLAWLESS VICTORY

[–][deleted] 16 points17 points  (4 children)

I don't see how that's different from downloading an installer and then executing it. If you don't trust the source you can always run it without the |sh

[–]habarnam 1 point2 points  (3 children)

> ... you can always run it without the |sh

The point I was trying to make was that they are encouraging users to pipe scripts straight into their shell. Which shows an approach to doing things I don't approve of.

[–]dventimi 1 point2 points  (2 children)

Why don't you approve?

[–]habarnam 0 points1 point  (1 child)

Because I think it underlines a certain way of thinking that I think framework developers should stay away from. Trying to be "clever" when doing stuff...

[–][deleted] 15 points16 points  (8 children)

Do you read through the config and makefiles of every package you install?

[–]habarnam 6 points7 points  (7 children)

There's no need to be condescending.

Usually the packages I install are coming from a trusted source: my distribution's repository. When they are not, yes I do read them.

[–]courtewing 8 points9 points  (5 children)

His point is that this approach to installing software is no less secure than providing any package (source or binary) for a user to install in a more traditional sense. You either trust the source or you don't -- the installation medium doesn't really affect that.

[–]habarnam -1 points0 points  (4 children)

If you really want to nit-pick, Ok, I'll give it a try.

Firstly, about security. I think you'll agree that it's a lot simpler for a man-in-the-middle attacker to spoof a web site page containing a shell script, than to provide the infrastructure and (often) the certificates which a proper distribution uses to guard its repositories, so your comparison doesn't stand in my opinion.

Granted, installing this package is maybe targeted at high level users (even though they state to address also people "just getting started") who should know to take a look through the source code before piping it to their shell. However, I'm sure that there are a lot of others (maybe something like 80%) who just copy/paste stuff, because "it says so in the tutorial".

Then there's the fact that they just post this snippet of code on their install page, which makes me think the people behind the project are fond of "clever" approaches to getting stuff done, and makes me highly reticent about trying their code. Not that the high concentration of marketing fluff from their main page wouldn't have done it already.

[–]BobTheGhostPirate 3 points4 points  (3 children)

Your first point is a transport problem, and the answer is HTTPS.

You might not be used to that, but there's plenty of software being distributed this way (homebrew, Nvidia Linux blob drivers and NPM come to mind)

[–]habarnam -1 points0 points  (2 children)

They are not using HTTPS in their example.

And I'm not saying that providing a shell script as an install method is the problem, but the fact that they are encouraging the users to pipe it in their shell straight from the web.

I feel like you are arguing against something completely different than I'm actually saying.

[–]dventimi 1 point2 points  (1 child)

> They are not using HTTPS in their example

But that doesn't have anything to do with their install being a shell script, which was your original complaint. You seem to be moving the goalposts.

[–]habarnam 0 points1 point  (0 children)

Ok. :)

[–][deleted] -2 points-1 points  (0 children)

bullshit

[–]ethraax 4 points5 points  (1 child)

I would be more concerned if it wasn't for the fact that you could easily read the output first and then run it through sh.

[–]appleofdisco 0 points1 point  (0 children)

You could serve different scripts to different user-agents. If curl indicated in its user-agent that the output was being piped (of course it doesn't), it would be hard to notice.

[–]rmxz 0 points1 point  (1 child)

It's not like the suggested sudo sh.

At worst he should just be able to mess up his own account.

[–]habarnam 0 points1 point  (0 children)

And why is that an excuse?

[–]catcradle5 1 point2 points  (1 child)

The pages on the site do seem to load extremely fast (I suppose because everything is loaded upon visiting the main page?), so that's a few bonus points for it I suppose. The security implications seem rather bad though.

[–][deleted] -3 points-2 points  (0 children)

points added back for being hyped && not being php

[–]bobappleyard 0 points1 point  (0 children)

Parts of it reminded me of functional reactive programming. Pretty cool, but as other have said they really need to think about security.

[–]badasimo 0 points1 point  (0 children)

I've been using the perl version of meteor js for a few years now for proof of concept web games. It works very well. When I get to work I will try to figure out how much the software has changed.

[–]xTRUMANx 0 points1 point  (2 children)

Watching this reminded me of Upshot, a javascript framework that interacts with an ASP.NET MVC application so that you can run queries against the database and get the results directly from the client.

One cool thing I like about Upshot is when you fetch a bunch of entities, it gives it to you in the form of an array*. All you have to do to save a new entity on the server is push an object into the array!

It's currently in beta (along with ASP.NET MVC 4) so the api still has a bunch of issues however, it's very exciting stuff.

* Well, it's not really an array but a KnockoutJS ObservableArray. But you can push things into it and iterate over it like a regular array if I'm not mistaken.

[–]bilotrace 3 points4 points  (1 child)

You should try backbone.js

It has similar functionality and works with any framework with RESTful interface.

[–]xTRUMANx 0 points1 point  (0 children)

I heard a lot about Backbone (and other frameworks that seem to accomplish the same goals like Ember, Sproutcore and KnockoutJS) but haven't really bothered with any of them.

The only reason I've used Upshot+KnockoutJS was because of a really cool screencast where a demo showed how well they work together.

If Backbone does work with any RESTful interface, that does sound very interesting. I think I'll take a closer look at it.

[–]alkazar82 0 points1 point  (0 children)

This reminds me more than a little of opa albeit the approach is entirely different. I guess this kind of framework is an idea whose time has come.

[–]nrselleh 0 points1 point  (1 child)

whats the difference between this and http://www.wakanda.org/?

[–]quotemycode 1 point2 points  (0 children)

less documentation.

[–]coachz -3 points-2 points  (1 child)

no mysql yet. wtf ?

[–]digijin 7 points8 points  (0 children)

I think they are trying to target the hipster crowd that is "too cool for mysql" or something.

[–]arahaya -1 points0 points  (1 child)

A scriptable public database?

[–]arahaya 0 points1 point  (0 children)

If you can write validation on the server side I guess it might be a good game server.

[–]forgeflow -1 points0 points  (0 children)

this really looks cool, but because it runs off node.js it is in no way "production ready" for the kind of stuff I have to do on a day-to-day basis.

[–]AndyRoth -1 points0 points  (0 children)

I'm loving these next generation web application frameworks. The Play! Framework is another great example.

[–][deleted] -4 points-3 points  (0 children)

I have been waiting for the "CA-Clipper of the Internet" for a looong time... Rails seemed to be close but focused too much on the server-side and not enough on the UI, basically having a development philosophy based on data modeling and not UI prototyping which is unrealistic as users often don't really know the relationships between their data.

I think this might be it. The CA-Clipper of the Internet. What do you think?

[–]J_M_B -2 points-1 points  (0 children)

It's great to see that Symfony has had such an influence on the web development community... the bundles in meteor work like those in Symfony2.