Info about Meteor Security and minimongo now available

xet7 · October 11, 2023, 1:15pm

Hi,
at Meteor Slack was this question:

Hello,
I have just seen the Meteor DevTools Evolved extension and was wondering if anyone had asked > themselves the question of security.
Insofar as all data is shown in the minimongo tab in plain text.
How can data be hidden from this extension?

And there was also request to move that content from Slack to Forums, because Slack content disappears in 3 months.

So I have added answer and additional security info here:

1) Security

github.com

wekan/wekan/blob/main/SECURITY.md

About money, see [CONTRIBUTING.md](CONTRIBUTING.md)

Security is very important to us. If you discover any issue regarding security, please disclose
the information responsibly by sending an email to support (at) wekan.team using
[this PGP public key](support-at-wekan.team_pgp-publickey.asc) and not by
creating a GitHub issue. We will respond swiftly to fix verifiable security issues.

We thank you with a place at our hall of fame page, that is
at https://wekan.github.io/hall-of-fame

## How should reports be formatted?

```
Name: %name
Twitter: %twitter
Bug type: %bugtype
Domain: %domain
Severity: %severity
URL: %url
PoC: %poc

This file has been truncated. show original

2) Hall of fame

https://wekan.github.io/hall-of-fame/

3) General info about WeKan

4) Feedback welcome

All feedback welcome, how these could be improved.

harry97 · October 11, 2023, 10:59pm

This is great thank you for sharing @xet7

alimgafar · October 17, 2023, 2:15pm

The question was posted by Slack member Antonio Rossetti.

alimgafar · October 17, 2023, 2:18pm

The thread was super useful because you responded with almost bullet point directives (that can be turned into an audit checklist) and some sample code illustrating points. I think that format was outstanding and directly useful.