rate limiting (in meteor core)
TRANSCRIPT
Rate limitingin Meteor Core
DoS Schutz
The Meteor Core Way
meteor add ddp-rate-limiter
http://info.meteor.com/blog/rate-limiting-in-meteor-core
Subscriptions
for (var subscription in Meteor.default_server.publish_handlers){ DDPRateLimiter.addRule({ type: 'subscription', name: subscription }, 5, 1000);}
Methods
for (var method in Meteor.default_server.method_handlers){ DDPRateLimiter.addRule({ type: 'method', name: method }, 5, 1000);}
What about Meteor internals (login,..)?
for (var method in Meteor.default_server.method_handlers){if(method.substring(0,1)!="/" && method != "login"){
...}
}
Meteor DoS Attack with 3 Lines of Code
for (var x=0;x<99999999;x++){Meteor.subscribe("publicLists");
}
Thanks… and stay safe :)
faburem Fabian Kromer @faburem