Meteor / Node Server Security Best Practices

Question

Meteor / Node Server Security Best Practices

What are the best methods of protecting the Meteor.js application, assuming that we have already taken care of the CSRF attacks, got the correct user input verification, deleted the packages, auto-publishand insecure?

+3

javascript security linux node.js meteor

Nyxynyx Feb 12 '14 at 8:30

source share

1 answer

Akshat · Answer 1 · 2014-02-12T08:42:26+0000

You seem to have done most of the material already.

Additionally:

Remember to use an SSL proxy in front of your Meteor application (supporting websites).
Make sure your database is only available for your meteor application (restriction of the IP address of the firewall).
If you have any Meteor methods, make sure you verify that the user who has them has permission to do so, especially when you change the database.
non-meteor / , , .
check Meteor, allow deny, , , . audit-argument-checks .
, Meteor .
, var ( ).
, , (.. collection.findOne(xx).yy ( , , ).
, eval ( , ) - , , eval, , , ( , ).
services ( ) , resume. ( , ).

, insecure autopublish, .

, , , .

Meteor / Node Server Security Best Practices

More articles: