I'm new in Derby.js environment, and as far as I see Racer is exposing all the data on client side.
So, basically anybody could manipulate any data stored on server? Am I correct? Is there any way to manage access control?
There is plugin for Racer - racer-access
Use it like this:
var racerAccess = require('racer-access');
derby.use(racerAccess);
store.allow('change', 'users', function (some usefull arguments) {
return true || false;
});