A simple little server side data protection trick...aka...Slice tastes great!

[steeve]

Personally, I am a big fan of the drink Slice.  Orange clearly being my favorite.

So, I am sure everyone is using/sharing Models client/server side and doing all kinds of fancy pantsy validation stuff to protect data inserts and updates and whatnots.

Just wanted to share what I do on top of client/server Models and data validation routines.  I always call my Model.validate() methods inside the inserts/updates before I do this stuff anyway and throw Meteor errors so it bubbles all the way back up to the client view. 

You can do this with either the old way of protecting data by locking down and using Meteor methods or with the auth branch.  I use the auth branch.

I slice everything before I insert or update it just to be extra safe.  Here is an example in the insert function in an auth branch application.

insert: function (userId, doc) { 

        doc.name = doc.name.slice(0,255);

        doc.description = doc.description.slice(0,255);

        doc.pay_to = doc.pay_to.slice(0,255);

        doc.receipt_mark = doc.receipt_mark.slice(0,1);

        doc.rate = doc.rate.slice(0,4);

At least you know if you fubard your validation code client or server side or something else went sideways that at least you don't have data over writes.  Clearly you take this even farther and perform all kinds of tricks and stunts.  Just found this refreshing and wanted to share.

Slice is so refreshing.

Steeve

[steeve]

Oh yeah forgot you gotta use the modifier.$set stuff in the update or $addToSet or $pull or whatever it is you might be doing.

modifier.$set.name = modifier.$set.name.slice(0,255);

modifier.$set.description = modifier.$set.description.slice(0,255);

modifier.$set.pay_to = modifier.$set.pay_to.slice(0,255);

modifier.$set.receipt_mark = modifier.$set.receipt_mark.slice(0,1);

modifier.$set.rate = modifier.$set.rate.slice(0,4);