jamesmundia
commented
7 years ago SSL certificate deployed to Heroku production instance
Closed jamesmundia closed 7 years ago
jamesmundia
commented
7 years ago SSL certificate deployed to Heroku production instance
In gitlab by @jamesmundia on Jan 26, 2017, 23:56
https://themeteorchef.com/blog/securing-meteor-applications#tmc-ssl
running a Meteor application without SSL configured can make your application immediately vulnerable. This is much like any web application and how it communicates with the server. Specific to Meteor and its usage of DDP, it's easy to "sniff" the traffic being sent to the server and inspect it. The result? A clever attacker could easily grab the login credentials for a user and login as them without issue. Of course, this is just one of several issues that running an application without SSL presents.