We're also releasing a new screencast that shows off what it's like to develop with these powerful new tools. If you liked the first Meteor screencast you should definitely check this one out. We hope you'll share it with your friends and coworkers too.
We are thankful for the immense amount of support that we received in putting together this release — from those of you on meteor-core and meteor-talk, from those of you who are already using Meteor in commercial environments or making money from Meteor consulting, from everyone who sent pull requests, from those of you that have been giving awesome conference talks and religiously answering questions on Stack Overflow and Quora. Without this support there would be no Meteor. In fact, 0.5.0 contains more community patches than every previous Meteor release combined.
Today's release includes everything necessary to build and deploy secure applications using Meteor:
New authentication APIs on the server: a
Meteor.allowAPI that controls which data a Meteor client is allowed to change in the database, and hooks that give the Meteor server control over what data it sends to each client. These core APIs operate at the wire protocol layer, so they establish a strong foundation for security.
Meteor Accounts, a state-of-the-art user account system built on top of the core Meteor authentication APIs. Accounts provides a set of high-level APIs to manage user accounts, which are stored in the
Support for the Secure Remote Password protocol. Developed at Stanford, SRP lets a user securely log in to a server without ever sending that server their unencrypted password. The kind of high-profile security breaches at LinkedIn and Pandora earlier this year are impossible with SRP. Instead of asking every application developer to safely store passwords, we've baked the very best technology right into Meteor Accounts.
Smart packages for major OAuth login services, including Google, Facebook, Twitter, GitHub, and Weibo. Packages for additional providers are also available on Atmosphere, a repository for community packages.
Accounts UI, a set of login, signup, and password reset forms that drop right into an application with one line of code. Accounts UI also provides configuration wizards for each of the OAuth login packages.
All the parts of Meteor work together. Subscriptions automatically rerun when the current user changes, so it's very easy to publish more documents or extra document fields to authenticated users. The UI widgets automatically reconfigure themselves as you add new login services. Password-based accounts include a password recovery link, and if you deploy to our servers with
meteor deploy there's absolutely no configuration required to send the reset email. Thescreencast demonstrates each of these, so we hope you'll take a moment to watch.