Merge pull request #11814 from harryadel/patch-2

Add OWASP cheat sheet for Node.js
This commit is contained in:
Denilson
2022-02-10 14:03:06 -04:00
committed by GitHub


@@ -694,6 +694,7 @@ This is a collection of points to check about your app that might catch common e
1. Secure the data, not the UI - redirecting away from a client-side route does nothing for security, it's a nice UX feature.
1. [Don't ever trust user IDs passed from the client.](http://guide.meteor.com/security.html#user-id-client) Use `this.userId` inside Methods and publications.
1. Set up secure [HTTP headers](https://guide.meteor.com/security.html#httpheaders) using [Helmet](https://www.npmjs.com/package/helmet), but know that not all browsers support it so it provides an extra layer of security to users with modern browsers.
1. At the end of the day, Meteor is a Node.js app so make sure to also follow the [best practises](https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html) to ensure maximum security.
<h2 id="appProtection">App Protection</h2>
App Protection on Galaxy Hosting is a feature in our proxy server layer that sits in front of every request to your application. This means that all requests across servers are analyzed and measured against expected limits. This will help protect against DoS and DDoS attacks that aimed to overload servers and make your app unavailable for legitimate requests.
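Review bot: the added item's link text, "best practises", is both misspelled for this document (the noun is "practices"; "practise" is the British verb form, and the surrounding text uses American spelling, e.g. "analyzed" in the App Protection paragraph) and uninformative about what it points to. Name the resource in the link and tone down the closing claim, e.g. `1. At the end of the day, Meteor is a Node.js app, so also follow the [OWASP Node.js Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html) so that this checklist covers the Node.js layer as well.` "To ensure maximum security" promises more than a checklist can deliver and reads as marketing rather than guidance.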