About This Book

Below you'll find a sample chapter from Secure Meteor, a guide written by a Meteor security professional to help you learn the ins and outs of securing your Meteor application. If you like what you read and you're interested in securing your Meteor application, be sure to read the entire book!

My name is Pete Corey, and between the years of 2014 and 2017, I lived and breathed Meteor security. I spent those years writing and speaking about Meteor security, developing and deploying secure Meteor applications, working with amazing teams to better secure their Meteor applications, and building security-focused packages and tools for the Meteor ecosystem.

Secure Meteor is an effort to capture and distill everything I’ve learned about Meteor security from my years of real-world Meteor security experience.

It’s important to point out that Secure Meteor is in no way, shape, or form intended to be a replacement for the Meteor Guide. In fact, this book is intended for Meteor developers who have read and internalized the Meteor Guide’s recommendations on security. Think of Secure Meteor as hyper-focused supplementary material to help you understand the ins and outs of Meteor security and the security of your application.

For developers who have thoroughly read the Meteor Guide, much of what we discuss in Secure Meteor will be review. That said, we will cover quite a bit of new ground, and make the threats discussed in the Meteor Guide much more real with hands-on examples of possible exploits that can be carried out by malicious users of your application.

Securing your application is more than following a prescriptive list of dos and don’ts. Being able to build secure Meteor applications requires a mindset that deeply and intuitively understands potential attacks before they happen. My ultimate goal with this guide is to help you see your application through this mindset.

The examples in this book were written using Meteor 1.8.

That said, the content and ideas we discuss are applicable to most past and (hopefully) future versions of Meteor.