Meteor Accounts with infinite loop


If I type this command on Chrome console

random = function(){
    return Math.random().toString(36).slice(2)

        username: random(),
        password: random()

After about 5 minutes, chrome crases, my i5 pc crashes. I rebooted the pc, and run the project back, when I check meteor mongo, use db.users.find().length(), it shows a whopping (1.2 million) numbers of accounts. I can’t imagine if one of my team do some pranks with this code, I’ll be done for.

Does somebody have any ideas to tackle this?


Run meteor remove insecure and you should be fine

More about security here -


Sorry, but I removed insecure package right from the start of creating this project. That’s not the right solution


You can use ddp rate limiter


This is just a type of DOS flood attack, so standard rate limiting and other (D)DOS prevention techniques are needed.
As they are for any kind of webapp in any language/framework