I would like to ask you about Meteor.js security.
I am writing a thesis about Meteor.js and I try to check performance and security of Meteor.js :-).
I would like to ask you for ideas what things can I check. I wrote simple framework to test external Meteor.js instance.
For now, in my framework I can:
- Spawn N users on external Meteor.js instance
- Fire a method on external Meteor.js instance by N users in asynchronous time
- Subscribe a publication on external Meteor.js instance by N users in asynchronous time
- Check if collections have correctly allow/deny values. User can choose the name of the collection, number of tests and set if insert/update/remove should be allow or deny. After that, framework try to insert || update || remove and show the results.
- Fire a insert || remove || update on collection.
All tests were made on another Meteor.js instance using the node-ddp npm module (to connect with another Meteor.js instance) and Kadira package.
I want to run hundreds of tests and then comparing all the results.
Does anybody have some ideas for security tests?