Your Galaxy applications just got more secure thanks to Two-Factor Authentication on all Meteor Developer Accounts (MDA) and App Protection on Galaxy Hosting.
You can rest easier knowing that you have additional layers of security protecting you from hackers and malicious attacks.
Let’s go into how we’ve made things more secure:
App Protection
App Protection on Galaxy Hosting is a new feature in our proxy server layer that sits in front of every request to your application. This means that all requests across servers are analyzed and measured against expected limits. This will help protect against DoS and DDoS attacks that aimed to overload servers and make your app unavailable for legitimate requests.
If a type of request is classified as abusive (we’re not going to go into the specifics as to how we determine this), we will stop sending these requests to your app, and we start to return HTTP 429 (Too Many Requests).*
Although not all attacks are preventable, our App Protection functionality, along with standard AWS protection in front of our servers, will provide a greater level of security for all applications deployed to Galaxy moving forward.
For additional security, it is best to configure your app to limit the messages received via WebSockets, as our proxy servers are only acting in the first connection and not in the WebSocket messages after the connection is established. Meteor has the DDP Rate Limiter configuration already available, find out more here.
Two-Factor Authentication
The benefits of Two-Factor Authentication are obvious to all. Now it’s available for all Meteor Developer Accounts, and therefore all applications deployed to Galaxy.
To enable Two-Factor Authentication on your Meteor Developer Account, please login, then click on Security on the left hand side, then “enable”
These two security additions to Galaxy are part of an on-going effort to make Galaxy the world-class cloud hosting platform for Meteor applications.
If you missed our last Galaxy release of Autoscaling, API and Notifications, you can learn more about that here. Or, see our full Galaxy Roadmap here for all of our future updates to the platform.
Try all Galaxy Hosting absolutely free for 30 days! Pay for only what you use after that.
Have a question? Reach out to us at support@meteor.com, or check out the forum.
Thanks for being part of the community!
The Meteor Team
*Owners of apps that incur potential attacks will be contacted until August 5th 2020. If you want to disable app protection you can do so — you still have full control. Reach out to us at support@meteor.com for additional details.
Security Where You Need It: Introducing Two-Factor Authentication + App Protection was originally published in Meteor Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.