Meteor Accounts with infinite loop


#1

If I type this command in the Chrome console

random = function(){
    return Math.random().toString(36).slice(2)
}

while(true){
    Accounts.createUser({
        username: random(),
        password: random()
    })
}

After about 5 minutes, Chrome crashes and my i5 PC crashes. I rebooted the PC and ran the project again. When I check meteor mongo, using db.users.find().length(), it shows a whopping number (1.2 million) of accounts. I can’t imagine what happens if one of my team pulls a prank with this code; I’ll be done for.

Does somebody have any ideas to tackle this?


#2

Run meteor remove insecure and you should be fine

More about security here - https://guide.meteor.com/security.html#methods


#3

Sorry, but I removed insecure package right from the start of creating this project. That’s not the right solution


#4

You can use the DDP rate limiter


#5

This is just a type of DoS flood attack, so standard rate limiting and other (D)DoS prevention techniques are needed, as they are for any kind of webapp in any language/framework.
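
Added example, not part of any post in the thread: a plain-JavaScript model of the per-client rate limiting suggested in #4 and #5, replayed against a constructed five-minute createUser flood like the one in #1. The limits (5 calls per 60 seconds), the client addresses and the fixed-window logic are assumptions for illustration, not Meteor's implementation; in a Meteor app the equivalent rule is registered on the server with DDPRateLimiter.addRule(matcher, numRequests, timeInterval).

```javascript
// Models a rule such as (hypothetical limits):
//   DDPRateLimiter.addRule({ type: 'method', name: 'createUser' }, 5, 60000)
// using a simple fixed window per client address.
function createLimiter(rule, numRequests, intervalMs) {
  const windows = new Map(); // clientAddress -> { start, count }
  return function allow(call, now) {
    // Calls that do not match every field of the rule are not limited by it.
    for (const field of Object.keys(rule)) {
      if (call[field] !== rule[field]) return true;
    }
    // Count per client address so one flooding client cannot starve others.
    let w = windows.get(call.clientAddress);
    if (!w || now - w.start >= intervalMs) {
      w = { start: now, count: 0 };
      windows.set(call.clientAddress, w);
    }
    w.count += 1;
    return w.count <= numRequests;
  };
}

// Replays constructed traffic: one client calling createUser every 10 ms for
// durationMs, plus a second client signing up once halfway through.
function replayFlood(allow, durationMs) {
  const result = { floodAccepted: 0, floodRejected: 0, otherAccepted: 0 };
  for (let t = 0; t < durationMs; t += 10) {
    const flood = { type: 'method', name: 'createUser', clientAddress: '198.51.100.7' };
    if (allow(flood, t)) result.floodAccepted++;
    else result.floodRejected++;
    if (t === durationMs / 2) {
      const other = { type: 'method', name: 'createUser', clientAddress: '203.0.113.9' };
      if (allow(other, t)) result.otherAccepted++;
    }
  }
  return result;
}

const allow = createLimiter({ type: 'method', name: 'createUser' }, 5, 60000);
const summary = replayFlood(allow, 5 * 60 * 1000); // five minutes, as in #1
console.log(summary);
```

The limiter only caps how many accounts a single client can create; the rejected calls still reach the server, so it complements rather than replaces the network-level flood protection mentioned in #5.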