
meteor xss code tampering

My main concern is the following:

  • Since Meteor is based on JavaScript, it can be changed/tampered with on the client side, so what happens if I change or create new collections and start to spam the DB? Will it be only on the client side (memory only) or on both sides, i.e. server side too?

  • Is user input cleaned of XSS before the save on the server side?

mohamed mellouki asked Jul 25 '12 17:07


1 Answer

If you create a new collection on the client side, the server will have no knowledge of this and also will not create the necessary stuff to edit the database server side. The spammed data will only be in the client side memory.

    Trees = new Meteor.Collection("boom");
        Meteor.Collection
    Trees.insert({hi:"hi"});
        "4b0d5ff2-058c-4041-849b-ce2e0d548160"
    logging.js:30: insert failed: 404 -- Method not found
Lander Van Breda answered Nov 01 '22 05:11
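
The behaviour described in the answer above, as an added example that is not part of the original answer and is not Meteor's own code: a simplified model in which the server exposes insert methods only for collections declared in server code, so a client-invented collection never reaches the database. `MiniServer`, `MiniClientCollection` and the sample documents are hypothetical names constructed for illustration.

```javascript
// Simplified model of the client/server split described above.
// Not Meteor source code: MiniServer, MiniClientCollection and the sample
// documents are constructed for illustration.

class MiniServer {
  constructor() {
    this.db = {};        // server-side database: collection name -> docs
    this.methods = {};   // remotely callable methods, keyed by name
  }
  // Only collections declared in server code get mutation methods.
  defineCollection(name) {
    this.db[name] = [];
    this.methods[`/${name}/insert`] = (doc) => {
      this.db[name].push(doc);
      return doc._id;
    };
  }
  // Every client request goes through here; unknown names are rejected.
  call(methodName, ...args) {
    const handler = this.methods[methodName];
    if (!handler) return { error: 404, reason: "Method not found" };
    return { result: handler(...args) };
  }
}

class MiniClientCollection {
  constructor(name, server) {
    this.name = name;
    this.server = server;
    this.local = [];     // browser memory only; fully client-controlled
  }
  insert(doc) {
    const withId = { _id: `id-${this.local.length + 1}`, ...doc };
    this.local.push(withId);                          // local write only
    return this.server.call(`/${this.name}/insert`, withId);
  }
}

function demo() {
  const server = new MiniServer();
  server.defineCollection("trees");                   // exists in server code
  const trees = new MiniClientCollection("trees", server);
  const boom = new MiniClientCollection("boom", server); // client-only name
  const ok = trees.insert({ hi: "hi" });
  const rejected = boom.insert({ hi: "hi" });
  return { ok, rejected, serverDb: server.db, boomLocal: boom.local };
}
```

The model shows that the trust boundary is the server's method table: whatever the client defines locally, only names registered in server code can cause a write.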