React native + meteor backend security


#1

I have a react native app that uses meteor for its backend via the In-Progress-team react native package.

Everything works great!

As I am about to put the app into production, I am wondering how to secure the meteor backend?

I want to completely disable web browsing to the meteor endpoint and if someone attempts to pull up the meteor endpoint in a web browser, they should be immediately redirected to another page/url of my choosing.

So in my case, the meteor backend is listening on app.company.com

If someone puts that in a browser they should be directed to company.com

Any other tips to harden/secure the meteor backend would be appreciated. It is currently only used to handle DDP and method requests from the react native mobile app.

Thanks.


#2

The same rules as usual apply: https://guide.meteor.com/security.html

Redirecting to another domain does not add any security, as this can be easily overcome (in fact, your app does exactly this: it has to overcome this redirect, so any client can).
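
The point made in reply #2, as an added example that is not part of the thread: a redirect for browser traffic has to let the DDP paths through for every caller, so the real control is the server-side check inside each method. The names `redirectBrowsers`, `guardedMethod`, `updateProfile` and `simulate` are hypothetical, `ctx.userId` stands in for Meteor's `this.userId`, and the plain validator stands in for the argument checks the Meteor security guide recommends.

```javascript
// Added example, plain Node so it runs without a Meteor project.
const REDIRECT_TO = 'https://company.com/'; // target named in the question

// DDP clients, including the React Native app, connect on these paths.
const DDP_PATHS = ['/websocket', '/sockjs'];

// Connect-style middleware. Assumption: in a Meteor app it would be
// registered with WebApp.connectHandlers.use(redirectBrowsers).
function redirectBrowsers(req, res, next) {
  // The mobile app needs these paths, so any other client gets them too.
  if (DDP_PATHS.some((p) => req.url.startsWith(p))) return next();
  res.writeHead(302, { Location: REDIRECT_TO });
  res.end();
}

// The actual control: each method checks caller and arguments on the server.
// ctx.userId models the value the server sets after login; it is never
// taken from a method argument.
function guardedMethod(handler, validate) {
  return function (ctx, args) {
    if (!ctx.userId) throw new Error('not-authorized');
    if (!validate(args)) throw new Error('invalid-arguments');
    return handler(ctx, args);
  };
}

// Hypothetical method: accepts exactly one short string field.
const updateProfile = guardedMethod(
  (ctx, args) => ({ updated: ctx.userId, displayName: args.displayName }),
  (args) =>
    args !== null && typeof args === 'object' &&
    Object.keys(args).length === 1 &&
    typeof args.displayName === 'string' &&
    args.displayName.length > 0 && args.displayName.length <= 64
);

// Runs the middleware against a constructed request and records the outcome.
function simulate(url) {
  const out = { passed: false, status: null, location: null };
  const res = {
    writeHead(status, headers) { out.status = status; out.location = headers.Location; },
    end() {},
  };
  redirectBrowsers({ url }, res, () => { out.passed = true; });
  return out;
}
```

A request for `/` is redirected, while `/websocket` reaches the DDP layer no matter who sends it; only the checks in `guardedMethod` decide what that caller may do.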