Meteor Accounts with infinite loop

If I type this command on Chrome console

random = function(){
    return Math.random().toString(36).slice(2)

        username: random(),
        password: random()

After about 5 minutes, chrome crases, my i5 pc crashes. I rebooted the pc, and run the project back, when I check meteor mongo, use db.users.find().length(), it shows a whopping (1.2 million) numbers of accounts. I can’t imagine if one of my team do some pranks with this code, I’ll be done for.

Does somebody have any ideas to tackle this?

1 Like

Run meteor remove insecure and you should be fine

More about security here -

Sorry, but I removed insecure package right from the start of creating this project. That’s not the right solution

You can use ddp rate limiter


This is just a type of DOS flood attack, so standard rate limiting and other (D)DOS prevention techniques are needed.
As they are for any kind of webapp in any language/framework