Meteor
Today's release includes everything necessary to build and deploy secure applications using Meteor:
New authentication APIs on the server: a Meteor.allow API that controls which data a Meteor client is allowed to change in the database, and hooks that give the Meteor server control over what data it sends to each client. These core APIs operate at the wire protocol layer, so they establish a strong foundation for security.
Meteor Accounts, a state-of-the-art user account system built on top of the core Meteor authentication APIs. Accounts provides a set of high-level APIs to manage user accounts, which are stored in the Meteor.users collection.
Support for the Secure Remote Password protocol. Developed at Stanford, SRP lets a user securely log in to a server without ever sending that server their unencrypted password. High-profile security breaches of the kind seen at LinkedIn and Pandora earlier this year are impossible with SRP. Instead of asking every application developer to safely store passwords, we've baked the very best technology right into Meteor Accounts.
Smart packages for major OAuth login services, including Google, Facebook, Twitter, GitHub, and Weibo. Packages for additional providers are also available on Atmosphere, a repository for community packages.
Accounts UI, a set of login, signup, and password reset forms that drop right into an application with one line of code. Accounts UI also provides configuration wizards for each of the OAuth login packages.