Meteor Accounts with infinite loop

rikyperdana · March 9, 2018, 4:20am

If I type this command on Chrome console

random = function(){
    return Math.random().toString(36).slice(2)
}

while(true){
    Accounts.createUser({
        username: random(),
        password: random()
    })
}

After about 5 minutes, chrome crases, my i5 pc crashes. I rebooted the pc, and run the project back, when I check meteor mongo, use db.users.find().length(), it shows a whopping (1.2 million) numbers of accounts. I can’t imagine if one of my team do some pranks with this code, I’ll be done for.

Does somebody have any ideas to tackle this?

evilhei · March 9, 2018, 6:12am

Run meteor remove insecure and you should be fine

More about security here - https://guide.meteor.com/security.html#methods

rikyperdana · March 9, 2018, 6:24am

Sorry, but I removed insecure package right from the start of creating this project. That’s not the right solution

minhna · March 9, 2018, 7:42am

You can use ddp rate limiter

coagmano · March 10, 2018, 12:58am

This is just a type of DOS flood attack, so standard rate limiting and other (D)DOS prevention techniques are needed.
As they are for any kind of webapp in any language/framework