Blog Post

Meteor fortifies framework with authentication, user account controls

Meteor Development is adding important new security features to its fledgling real-time JavaScript framework, according to a company blog post.

The new Meteor 0.5.0 version — released Thursday– adds server-side authentication APIs and user account controls which should make it easier for developers to write more secure applications.

Meteor’s aim over all is to help developers write truly webscale enterprise applications faster and easier than before. Developers especially like Meteor’s ability to “push” hot code updates to users without interrupting the users’ work.

The beauty of Meteor’s framework overall is that it lets developers use the same APIs on the client and server side of the application divide, speeding actual development.

According to Meteor’s blog post, the new Meteor.allow API:

“controls which data a Meteor client is allowed to change in the database, and hooks that give the Meteor server control over what data it sends to each client. These core APIs operate at the wire protocol layer, so they establish a strong foundation for security.”

Also new is Meteor Accounts which is built atop the core Meteor authentication to provide higher-level APIs to manage user accounts.

Also new is support for the Secure Remote Password protocol which lets users securely log in to a server without having to send that server their unencrypted password.

In the past six months, San Francisco-based Meteor has built an impressive developer base which helped it raise $11.2 million in Series A funding in July. But as with any new tool set, there were gaps to be filled, and security was chief among developer concerns. A question posted to Stackoverflow summed them up.

“What is the time-frame for adding authentication and data validation to Meteor? This validation/authentication is vital for Meteor to be taken seriously for anything other than toy projects. Full write permissions for every client is obviously unacceptable for most (if not all) applications.”

It sounds like Meteor,  co-founded by Matt DeBergalis, founder of the ActBlue fundraising platform, is listening to their concerns.

Feature photo courtesy of  Flickr user Dominic’s pics