How to test the security of Meteor app and data?

So basically I want to know how an attacker would try to steal or break / destroy data on the server. What would they do to test the security of the app and the server? My main concern is that Meteor seems to require a little more attention to detail when securing it.

My understanding is that:

  • Removing the insecure and autopublish packages
  • Adding rules to deny updates for all collections (including and especially users)
  • Using methods with client stubs and server side counterparts that check user is validated (and any other business rules)

should be all that is needed, but I wanted to check with you guys for my own sanity and for the record, so anyone else out there who loves this framework but isn’t 100% sure how to achieve server and data security can get an easy guide and peace of mind going in.

Thanks, Ash.


Source: stackoverflow-javascript
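
The three hardening points listed in the Meteor question above can be checked mechanically. The following is an added example, not part of the original post: a small Node.js audit that flags the insecure/autopublish packages, collections (and Meteor.users) without a deny rule, and method code that never reads this.userId or calls check(). The function name auditMeteorProject, the finding labels and both sample inputs are constructed for illustration, and the regex matching is a heuristic, not a parser.

```javascript
// Added example: static audit of a Meteor project against the question's checklist.
// Both inputs below are constructed samples, not taken from a real application.
const SAMPLE_PACKAGES = `# constructed .meteor/packages
meteor-base@1.5.1
mongo
insecure@1.0.7   # prototyping only
accounts-password
`;

const SAMPLE_SERVER_JS = `
const Notes = new Mongo.Collection('notes');
const Tasks = new Mongo.Collection('tasks');
Tasks.deny({ insert() { return true; }, update() { return true; }, remove() { return true; } });
Notes.allow({ insert(userId) { return !!userId; } });
Meteor.methods({ 'notes.add'(text) { Notes.insert({ text }); } });
`;

// Hypothetical helper: returns a list of finding labels (empty list = nothing flagged).
function auditMeteorProject(packagesFile, source) {
  const findings = [];
  // .meteor/packages: one package per line, optional @version, '#' starts a comment.
  const pkgs = packagesFile.split('\n')
    .map((line) => line.replace(/#.*$/, '').trim().split('@')[0])
    .filter(Boolean);
  for (const bad of ['insecure', 'autopublish']) {
    if (pkgs.includes(bad)) findings.push(`package:${bad}`);
  }
  // Every declared collection, plus Meteor.users, should carry a deny rule;
  // any allow rule is reported so that it gets a manual review.
  const decl = /(?:const|let|var)\s+(\w+)\s*=\s*new\s+(?:Mongo|Meteor)\.Collection\(/g;
  const names = [...source.matchAll(decl)].map((m) => m[1]).concat('Meteor.users');
  for (const name of names) {
    const esc = name.replace('.', '\\.');
    if (!new RegExp(`\\b${esc}\\.deny\\(`).test(source)) findings.push(`no-deny:${name}`);
    if (new RegExp(`\\b${esc}\\.allow\\(`).test(source)) findings.push(`allow:${name}`);
  }
  // Coarse heuristic: methods are defined but nothing reads this.userId or calls check().
  if (/Meteor\.methods\(/.test(source)) {
    if (!/this\.userId/.test(source)) findings.push('methods:no-userId-check');
    if (!/\bcheck\(/.test(source)) findings.push('methods:no-argument-check');
  }
  return findings;
}

console.log(auditMeteorProject(SAMPLE_PACKAGES, SAMPLE_SERVER_JS));
```

A clean result only means none of these patterns matched; each method still needs a manual read to confirm that the user and argument checks cover every code path.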

Rebuild SQL database, creating new topic tables using post ID

A few years ago, I exported an SQL database for a forum without an opportunity to double-check the integrity of the file and after importing the database into a site backup, I found that all tables after “P” are missing. Posts are intact but the topic tables are gone. I copy/pasted the missing tables from a fresh installation just to get the database to load and found that a select few posts display in test threads, allowing me to view some content but obviously without the correct thread title.

I’d like to put together an SQL query that will automatically create new topicIDs using the available posts so that I can rebuild the topics/posts for viewing. I could do this manually by keying everything into the SQL file myself but that would take a tremendous amount of time given the database contains between 3-4k posts.

I’m not SQL savvy, only knowing the basic functions of phpMyAdmin so whatever relevant information needed will need to be requested. I’ll add a few things here that may be of some use.

I initially sought support via the Microsoft SQL forums and was redirected here but only after being given an example query.

INSERT INTO dbo.Thread(postID, content)
SELECT Post.postID, NULL
FROM dbo.Post
WHERE NOT EXISTS(
    SELECT 1
    FROM dbo.Thread
    WHERE Thread.postID = Post.postID
    AND Post.postDate < '20140101' --date of bad export
);

MySQL tables are in UTF-8. Not sure if it’d be of any help to list available table keys or not but I can provide those when asked.

Forum software is Invision Power Board. Tech support referred me to my web host and this is far outside my host’s scope of support. This is really my last ditch effort to save the remaining post data for archival purposes.


Source: stackoverflow-php

Create Table from Another Table – MYSQL to MSSQL conversion

I’m in the process of converting a database from MYSQL to MSSQL/TSQL, and I can’t get the following MYSQL query to work in MSSQL. Looking for a fresh set of eyes to see what I’m missing.

Working MYSQL Query:

CREATE TABLE tempTable 
AS (SELECT * FROM Note WHERE createdate IN (SELECT MAX(createdate) 
FROM Note GROUP BY `taskPK`));

The query looks for the max date of a note row for a given id. There may be multiple Note rows with the same ID and it will find the newest row and insert it into the new table.

Non-Working MSSQL Example 1: (Incorrect Syntax near ‘(‘)

CREATE TABLE tempTable 
AS(SELECT * FROM dbo.Note WHERE createdate IN (SELECT MAX(createdate) 
FROM dbo.Note GROUP BY taskPK));

Non-Working MSSQL Example 2: (Incorrect Syntax near the keyword INTO)

SELECT * 
FROM Note 
WHERE createdate IN (SELECT MAX(createdate) FROM Note GROUP BY taskPK) 
INTO tempTable FROM Note;

This new table (once created) will be used in the following query (which I haven’t tested yet in MSSQL):

SELECT Task.id, Task.taskdescription, Task.status, TaskSchedule.date, TaskGroups.name, tempTable.createDate FROM Task 
LEFT JOIN TaskSchedule ON Task.id = TaskSchedule.taskPK
LEFT JOIN TaskGroups ON Task.taskgroupid = TaskGroups.id
LEFT JOIN tempTable ON Task.id = tempTable.taskPK
WHERE Task.userPK = '$userPK' AND Task.status = 'Open'
ORDER BY tempTable.createDate DESC;

The above query selects a task that includes the newest note from the previous query I’m having problems with — adding this in case I’m making this more difficult than it needs to be.


Source: stackoverflow-php

No DB connection on server but works OK on localhost

My following code is working just fine on the WAMP server on my laptop, but now that I try to test my script on HostGator, I guess the database is not getting connected because the script won't log me in.

My db.php:

<?php
//This is the name of your server where the MySQL database is running
$dbserver="localhost";

//username of the MySQL server
$dbusername="root";

//password

$dbpassword="";

//database name of the online Examination system
$dbname="";
?>

And my dbinclude.php, which I add on every page, is:

<?php
include_once 'db.php';
$conn=false;

function executeQuery($query)
{
    global $conn,$dbserver,$dbname,$dbpassword,$dbusername;
    global $message;
    if (!($conn = @mysql_connect ($dbserver,$dbusername,$dbpassword)))
         $message="Cannot connect to server";
    if (!@mysql_select_db ($dbname, $conn))
         $message="Cannot select database";

    $result=mysql_query($query,$conn);
    if(!$result)
        $message="Error while executing query.<br/>Mysql Error: ".mysql_error();
    else
        return $result;

}
function closedb()
{
    global $conn;
    // Close only when a connection was actually opened.
    if($conn)
        mysql_close($conn);
}
?>


Source: stackoverflow-php