This should be default security in meteor!

[markudevelop]

Meteor is so easy in many ways, But allow/deny are not. So why don't meteor adapt this as the default security behavior have you guys tried proposing it? I think the logic created here is really top notch. This package is truly an art logic wise!

[aldeed]

Thanks! I don't think we've suggested it to MDG, but they're more likely to listen to a bunch of requests from the community than to one request from us.

My thinking was actually to propose a customizable API for security of untrusted writes, so rather than having allow/deny baked into the mongo package, it could just call the any security hooks that were registered by packages. They could still have an allow/deny package by default, but you'd be able to remove it and replace with packages list this, which would be nice because currently it requires a bunch of hacking on allow/deny to make this work.