How to test the security of Meteor app and data?

so basically I want to know how an attacker would try to steal or break / destroy data on the server. What would they do to test the security of the app and the server? My main concern is that meteor seems to require a little more attention to detail when securing it.

My understanding is that:

  • Removing the insecure and autopublish packages
  • Adding rules to deny updates for all collections (including and especially users)
  • Using methods with client stubs and server side counterparts that check user is validated (and any other business rules)

should be all that is needed.. but I wanted to check with you guys for my own sanity and for the record so anyone else out there who loves this framework but isn’t 100% sure how to achieve server and data security can get an easy guide and peace of mind going in..

Thanks, Ash.


Source: stackoverflow-javascript

Send SMS via Twilio npm package – Error cannot find – Error: Cannot find module ‘./webhooks’

I am trying to send a simple SMS via Twilios npm package, I have tried some of the current packages out there with no avail. So I thought I would go the good old fashioned npm route. That also seems to fail at the following server error message:

W20170306-13:50:46.118(-8)? (STDERR) Error: Cannot find module ‘./webhooks’
W20170306-13:50:46.118(-8)? (STDERR) at require (packages/modules-runtime.js:123:19)
W20170306-13:50:46.119(-8)? (STDERR) at meteorInstall.node_modules.twilio.lib.index.js (packages/modules.js:342:16)
W20170306-13:50:46.119(-8)? (STDERR) at fileEvaluate (packages/modules-runtime.js:197:9)
W20170306-13:50:46.119(-8)? (STDERR) at require (packages/modules-runtime.js:120:16)
W20170306-13:50:46.120(-8)? (STDERR) at meteorInstall.server.server.js (server/server.js:3:14)
W20170306-13:50:46.120(-8)? (STDERR) at fileEvaluate (packages/modules-runtime.js:197:9)
W20170306-13:50:46.120(-8)? (STDERR) at require (packages/modules-runtime.js:120:16)
W20170306-13:50:46.121(-8)? (STDERR) at /Users/nicholas/Desktop/meteor/esoLounge/.meteor/local/build/programs/server/app/app.js:15:1
W20170306-13:50:46.123(-8)? (STDERR) at /Users/nicholas/Desktop/meteor/esoLounge/.meteor/local/build/programs/server/boot.js:303:34
W20170306-13:50:46.124(-8)? (STDERR) at Array.forEach (native)

This is my server code:

let accountSid = 'ACxxxxxxxxxxxxxxxxxxxxa',
    authToken = 'a91xxxxxxxxxxxxxxxxxxxxxxxxxa',
    twilio = require("../node_modules/twilio/lib"),
    client = new twilio.RestClient(accountSid, authToken);

client.messages.create({
    body: 'Hello from Node',
    to: '+15555555551', 
    from: '+15555555551'
}, function(err, message) {
    console.log(message.sid);
});

I am also open to working solutions outside of Twilio, if there is any. Thanks!


Source: stackoverflow-javascript