Review user data handling #344
Related to #283
Review this https://github.com/reactioncommerce/reaction/blob/development/packages/reaction-collections/server/publications/accounts.js#L56-L75 and specifically https://github.com/reactioncommerce/reaction/blob/development/packages/reaction-collections/server/publications/accounts.js#L78. Meteor.user is using https://github.com/meteor/meteor/blob/master/packages/accounts-base/accounts_common.js#L229. Account.server I think is the new multi-server implementation and seems to be returning more than would be expected in the client when reviewing console
Note: I think the recommended approach here would be to remove this publication if possible, and rely on "Reaction.Accounts" but this would likely require a secure method of syncing those profile details, and replacing the functionality of
I realized that we need to add
I think we need to think about each method. How often could it be called normally? And implement these rate limits.
@Capt-Slow Josh, you and I should go over this ticket and extract some actionable items from it.
I think the tickets created here cover the issues brought up in this ticket so this ticket is no longer needed.
Perform a full review of the storage and treatment of user data (i.e. carts, accounts, sessions, emails)
Some ideas: