Data security

Transmate follows a security-by-design approach to data. Compared with a traditional client-server REST-based framework, it is more secure by design in at least six ways:

  1. The publish/subscribe mechanism limits the data that can be retrieved from the server, and operations on client-side collections are restricted by default.
  2. Transmate's role approach provides fine-grained Role-Based Access Control (RBAC).
  3. Transmate doesn't use session cookies, which makes Cross-Site Request Forgery (CSRF) impossible.
  4. All user input is HTML-escaped when it is displayed back to the client, thanks to the Handlebars-like {{...}} templates: a first line of defense against Cross-Site Scripting (XSS).
  5. Transmate uses bcrypt, a deliberately slow password-hashing algorithm, to store hashed passwords.
  6. Transmate provides fine-grained control over method calls and database access.

Publish & subscribe methodology

Transmate uses the publish and subscribe methodology as a security layer for data. The server publishes only the data that is relevant for a specific client. The query that selects this data runs on the server and is not accessible to the client in any way. On the client side, the client subscribes to a data publication. By filtering the available data smartly, clients can specify which subset of that data they need, and that is exactly where subscriptions come in.

Any data you subscribe to will be mirrored on the client thanks to Minimongo, a client-side implementation of MongoDB.
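The server-side filtering described here, together with the restricted client writes and method-level checks from items 1, 2 and 6 of the list above, as an added example in plain JavaScript that is not Transmate's own code; the publishShipments and closeShipment names, the shipment records and the roles are assumptions:

```javascript
// Added example, not Transmate's own code: a plain-JavaScript model of the
// publish/subscribe security layer, so it runs without any framework.
// Shipment records, user names and roles below are constructed sample data.
const shipments = [
  { _id: "s1", owner: "alice", carrier: "acme", status: "open", internalNote: "margin 12%" },
  { _id: "s2", owner: "bob",   carrier: "acme", status: "open", internalNote: "margin 9%" },
  { _id: "s3", owner: "alice", carrier: "zulu", status: "done", internalNote: "margin 15%" },
];
const roles = { alice: ["shipper"], bob: ["shipper"], carol: ["carrier:acme"], dave: [] };

// Server-side publication (hypothetical name). The selector is built from the
// authenticated userId and that user's roles, never from a client-supplied
// query; the optional subscription parameter can only narrow the result.
function publishShipments(userId, params = {}) {
  if (!userId) return [];                         // anonymous client: nothing published
  const userRoles = roles[userId] || [];
  let allowed = shipments.filter(
    (s) => s.owner === userId || userRoles.includes("carrier:" + s.carrier)
  );
  if (params.status) allowed = allowed.filter((s) => s.status === params.status);
  // Field projection: server-only fields never reach the client-side mirror.
  return allowed.map(({ internalNote, ...publicFields }) => publicFields);
}

// Writes never go straight from the client collection to the database; they
// go through a server method that re-checks authorization on every call.
const methods = {
  closeShipment(userId, shipmentId) {
    const s = shipments.find((x) => x._id === shipmentId);
    if (!s || s.owner !== userId) throw new Error("not-authorized");
    s.status = "done";
    return true;
  },
};
function callMethod(userId, name, ...args) {
  if (!userId || !methods[name]) throw new Error("not-authorized");
  return methods[name](userId, ...args);
}
```

A client that subscribes as "carol" receives only the two acme shipments, with the internalNote field stripped, and a client that calls closeShipment on a shipment it does not own gets "not-authorized" regardless of what its local mirror contains.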

[Figure: visual explanation of the publish & subscribe methodology]