I'm new in Derby.js environment, and as far as I see Racer is exposing all the data on client side.
So, basically anybody could manipulate any data stored on server? Am I correct? Is there any way to manage access control?
It seems share-access is now deprecated in favor of sharedb-access.
Here's a related discussion on the Derby mailing list "racer-access deprecated".
There is plugin for Racer - racer-access
Use it like this: