Message from discussion A simple little server side data protection trick...aka...Slice tastes great!

Date: Thu, 23 Aug 2012 15:30:00 -0700 (PDT)
From: steeve <stephentcan...@gmail.com>
To: meteor-talk@googlegroups.com
Message-Id: <a5df95ab-436b-4d27-bb41-24c7fe95dbd6@googlegroups.com>
In-Reply-To: <4ea1e2fa-0a0d-4ae1-91cc-a93a9f902703@googlegroups.com>
References: <4ea1e2fa-0a0d-4ae1-91cc-a93a9f902703@googlegroups.com>
Subject: Re: A simple little server side data protection trick...aka...Slice
 tastes great!
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_182_28320132.1345761000497"

------=_Part_182_28320132.1345761000497
Content-Type: multipart/alternative; 
	boundary="----=_Part_183_6849491.1345761000497"

------=_Part_183_6849491.1345761000497
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Oh yeah forgot you gotta use the modifier.$set stuff in the update or 
$addToSet or $pull or whatever it is you might be doing.

modifier.$set.name = modifier.$set.name.slice(0,255);
modifier.$set.description = modifier.$set.description.slice(0,255);
modifier.$set.pay_to = modifier.$set.pay_to.slice(0,255);
modifier.$set.receipt_mark = modifier.$set.receipt_mark.slice(0,1);
modifier.$set.rate = modifier.$set.rate.slice(0,4);

On Thursday, August 23, 2012 5:53:48 PM UTC-4, steeve wrote:
>
> Personally, I am a big fan of the drink Slice.  Orange clearly being my 
> favorite.
>
> So, I am sure everyone is using/sharing Models client/server side and 
> doing all kinds of fancy pantsy validation stuff to protect data inserts 
> and updates and whatnots.
>
> Just wanted to share what I do on top of client/server Models and data 
> validation routines.  I always call my Model.validate() methods inside the 
> inserts/updates before I do this stuff anyway and throw Meteor errors so it 
> bubbles all the way back up to the client view. 
>
> You can do this with either the old way of protecting data by locking down 
> and using Meteor methods or with the auth branch.  I use the auth branch.
>
> I slice everything before I insert or update it just to be extra safe. 
>  Here is an example in the insert function in an auth branch application.
>
> insert: function (userId, doc) { 
>         doc.name = doc.name.slice(0,255);
>         doc.description = doc.description.slice(0,255);
>         doc.pay_to = doc.pay_to.slice(0,255);
>         doc.receipt_mark = doc.receipt_mark.slice(0,1);
>         doc.rate = doc.rate.slice(0,4);
>
> At least you know if you fubard your validation code client or server side 
> or something else went sideways that at least you don't have data 
> overwrites.  Clearly you take this even farther and perform all kinds of tricks 
> and stunts.  Just found this refreshing and wanted to share.
>
> Slice is so refreshing.
>
> Steeve
>

------=_Part_183_6849491.1345761000497--

------=_Part_182_28320132.1345761000497--
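
Added example, not part of the original post: the same slice-before-write step made safe for partial updates and non-string values, written as plain Node.js so it runs without Meteor. The field limits are the ones in the post; the names LIMITS, capValue, capDoc and capModifier and the operator policy are assumptions of this example.

```javascript
// Limits are the ones used in the post; everything else is this example's assumption.
const LIMITS = { name: 255, description: 255, pay_to: 255, receipt_mark: 1, rate: 4 };
const isLimited = (field) => Object.prototype.hasOwnProperty.call(LIMITS, field);

// Truncate one limited field. Non-strings are rejected rather than sliced:
// numbers have no slice(), and Array#slice would let an oversized array element through.
function capValue(field, value) {
  if (typeof value !== 'string') {
    throw new TypeError(field + ' must be a string');
  }
  return value.slice(0, LIMITS[field]);
}

// Insert path: cap only the limited fields that are present on the document.
function capDoc(doc) {
  for (const field of Object.keys(doc)) {
    if (isLimited(field)) doc[field] = capValue(field, doc[field]);
  }
  return doc;
}

// Update path: a limited field may only be written through a plain $set key.
function capModifier(modifier) {
  for (const op of Object.keys(modifier)) {
    // $rename names its target in the value, so it could move long data into a capped field.
    if (op === '$rename') throw new Error('$rename is not allowed');
    const operand = modifier[op];
    if (operand === null || typeof operand !== 'object') {
      throw new TypeError(op + ' needs an object operand');
    }
    for (const key of Object.keys(operand)) {
      const root = key.split('.')[0];
      if (!isLimited(root) || op === '$unset') continue;
      // Dotted keys and other operators would bypass the string cap.
      if (op !== '$set' || key !== root) {
        throw new Error(op + ' on ' + key + ' is not allowed');
      }
      operand[key] = capValue(root, operand[key]);
    }
  }
  return modifier;
}

// Constructed sample input: a partial update that sets only two of the fields.
const sample = capModifier({ $set: { name: 'x'.repeat(300), receipt_mark: 'YES' } });
console.log(sample.$set.name.length, sample.$set.receipt_mark);
```

In an insert or update callback like the ones in the post, capDoc(doc) and capModifier(modifier) would be called before the write is allowed. slice() counts UTF-16 code units, so these caps bound string length, not stored byte size.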