From a35b3e78d1bce68af6e624fae5b9e41666301c8b Mon Sep 17 00:00:00 2001 From: Harry Adel Date: Mon, 20 Dec 2021 13:42:37 +0200 Subject: [PATCH 1/2] Add OWASP cheet sheet for Node.js --- guide/source/security.md | 1 + 1 file changed, 1 insertion(+) diff --git a/guide/source/security.md b/guide/source/security.md index 81dbb96ce3..7c2ea0364c 100644 --- a/guide/source/security.md +++ b/guide/source/security.md @@ -695,6 +695,7 @@ This is a collection of points to check about your app that might catch common e 1. Secure the data, not the UI - redirecting away from a client-side route does nothing for security, it's a nice UX feature. 1. [Don't ever trust user IDs passed from the client.](http://guide.meteor.com/security.html#user-id-client) Use `this.userId` inside Methods and publications. 1. Set up secure [HTTP headers](https://guide.meteor.com/security.html#httpheaders) using [Helmet](https://www.npmjs.com/package/helmet), but know that not all browsers support it so it provides an extra layer of security to users with modern browsers. +1. At the end of the day, Meteor is nothing but a Node.js app so make sure to also follow the [best practises](https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html) to ensure maximum security.

App Protection

App Protection on Galaxy Hosting is a feature in our proxy server layer that sits in front of every request to your application. This means that all requests across servers are analyzed and measured against expected limits. This will help protect against DoS and DDoS attacks that aimed to overload servers and make your app unavailable for legitimate requests. From 0d80244ef5fa9e61d3d3f8d995e20899109a8352 Mon Sep 17 00:00:00 2001 From: Harry Adel Date: Wed, 29 Dec 2021 17:12:22 +0200 Subject: [PATCH 2/2] Remove 'nothing but' --- guide/source/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guide/source/security.md b/guide/source/security.md index 7c2ea0364c..8eca5f4500 100644 --- a/guide/source/security.md +++ b/guide/source/security.md @@ -695,7 +695,7 @@ This is a collection of points to check about your app that might catch common e 1. Secure the data, not the UI - redirecting away from a client-side route does nothing for security, it's a nice UX feature. 1. [Don't ever trust user IDs passed from the client.](http://guide.meteor.com/security.html#user-id-client) Use `this.userId` inside Methods and publications. 1. Set up secure [HTTP headers](https://guide.meteor.com/security.html#httpheaders) using [Helmet](https://www.npmjs.com/package/helmet), but know that not all browsers support it so it provides an extra layer of security to users with modern browsers. -1. At the end of the day, Meteor is nothing but a Node.js app so make sure to also follow the [best practises](https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html) to ensure maximum security. +1. At the end of the day, Meteor is a Node.js app so make sure to also follow the [best practises](https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html) to ensure maximum security.

App Protection

App Protection on Galaxy Hosting is a feature in our proxy server layer that sits in front of every request to your application. This means that all requests across servers are analyzed and measured against expected limits. This will help protect against DoS and DDoS attacks that aimed to overload servers and make your app unavailable for legitimate requests.
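Review bot: The line added in PATCH 1/2 (`+1. At the end of the day, Meteor is nothing but a Node.js app so make sure to also follow the [best practises](...) to ensure maximum security.`) spells the noun as "practises" where "practices" is wanted ("practise" is only the British verb form), and "to ensure maximum security" overstates what following a cheat sheet can deliver. Suggest: `1. Meteor runs on Node.js, so also follow the [OWASP Node.js Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html) to cover risks that are not Meteor-specific.` The commit subject has the same kind of slip ("cheet sheet" for "cheat sheet").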
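Review bot: PATCH 2/2 only removes "nothing but" from the item introduced by PATCH 1/2 and leaves the other wording problems in that line untouched: "practises" is still misspelled and "to ensure maximum security" is still an overclaim. Since both commits edit the same newly added line in one series, squash them into a single commit that adds the item in its final form (with "practices" and a more measured closing clause), so the history does not carry an intermediate version of the checklist entry.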