meteor private subdirectory

Question

I was recently made aware of meteor private subdirectories. According to the docs: "The private subdirectory is the place for any files that should be accessible to server code but not served to the client, like private data files." I am a newbie at web development in general, so my question is what is the advantage of having these files within the private subdirectory vs. just in the server subdirectory itself? Is the server subdirectory not private - e.g. I have some email templates defined and my email login information is set up in a startup function in the server subdirectory, are these somehow exposed to the client? Any clarification would be very helpful, thanks!

Answer 1

No, your code in the server directory is safe. The difference is on how you use/access those files. Files in your server directory will be loaded/executed on the server, and they would also be difficult to access using the filesystem in the running app. Content of files in your private directory is available as an asset. See http://docs.meteor.com/#assets for full details.

The thing to note is that your server code does not execute in your server directory, but will have a current working directory that is a temporary build directory within .meteor. So if you wanted to use, say, the fs node package to read files in your server directory, you'd first need to find it. Moreover, any new file or a file change in your server directory will trigger meteor to restart your app. There are scenarios where you don't want that. So private gives you a place to handle files that do not affect the execution of the app.

Another way to think about it is that private is for the server what public is for the client.