Description
Apply security enhancements recommended in the security guidelines for Meteor:
"1. Add package to explicitly block XSS and clickjacking attacks "
"2. Disable uncontrolled and free use of profile field assigned by default for each Meteor user"
"3. Limit the login attempts per connection to three per 10 seconds."
Description:
By adding the browser-policy package, cross-site scripting and clickjacking attacks are harder to construct. No changes to code are required.
Disabling the uncontrolled, client-writable user profile is recommended in the security guidelines.
Limiting the number of login attempts per connection reduces the impact of brute-force attacks against user accounts.
User Story:
"As a user, I will not be exposed to specially constructed harmful sites capturing the user input intended for the API portal."
"As a user, I will not be able to abuse the unlimited user profile storage provided by Meteor by default."
"As a user, my password is better protected when login attempts are limited."
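The three measures above expressed as Meteor server-side code, as an added example that is not part of this issue or the project's code base. The Meteor, BrowserPolicy and DDPRateLimiter objects are passed in as parameters rather than read from globals so the wiring can be exercised without a running Meteor app; the `LoginAttemptLimiter` class is a standalone model of the per-connection window that `DDPRateLimiter.addRule` enforces, and the function and rule names are assumptions chosen for this example.

```javascript
// Added example (not the project's own code): the three hardening steps
// from the issue, written so the wiring can be run against stubs.

// Standalone model of a DDPRateLimiter rule: the first hit from a
// connection opens a window of `intervalMs`; hits inside that window are
// counted and rejected once `numRequests` is exceeded. `now` is injectable
// so the window can be tested with a fake clock.
class LoginAttemptLimiter {
  constructor(numRequests = 3, intervalMs = 10000, now = () => Date.now()) {
    this.numRequests = numRequests;
    this.intervalMs = intervalMs;
    this.now = now;
    this.windows = new Map(); // connectionId -> { start, count }
  }

  // Records one login attempt for `connectionId` and reports whether it
  // may proceed, how many attempts remain in the window, and how long a
  // rejected caller has to wait.
  attempt(connectionId) {
    const t = this.now();
    let w = this.windows.get(connectionId);
    if (!w || t - w.start >= this.intervalMs) {
      w = { start: t, count: 0 };
      this.windows.set(connectionId, w);
    }
    w.count += 1;
    const allowed = w.count <= this.numRequests;
    return {
      allowed,
      remaining: Math.max(0, this.numRequests - w.count),
      retryAfterMs: allowed ? 0 : w.start + this.intervalMs - t,
    };
  }
}

// Meteor `deny` callback shape: (userId, doc, fieldNames, modifier).
// Returning true denies the write. accounts-base allows a client to update
// its own `profile` by default; this denies any client-side update that
// touches it. (Returning true unconditionally would deny all client-side
// user updates, which the Meteor guide also accepts.)
function denyClientProfileUpdate(userId, doc, fieldNames, modifier) {
  return fieldNames.includes('profile');
}

// Wires the three measures into a Meteor server. Framework objects are
// injected so the function can be called with stubs; in a real app pass the
// globals: applySecurityHardening({ Meteor, BrowserPolicy, DDPRateLimiter }).
function applySecurityHardening({ Meteor, BrowserPolicy, DDPRateLimiter }) {
  // 1. browser-policy (after `meteor add browser-policy`): forbid framing by
  //    other origins (clickjacking) and forbid inline scripts and eval in
  //    the Content-Security-Policy (XSS).
  BrowserPolicy.framing.disallow();
  BrowserPolicy.content.disallowInlineScripts();
  BrowserPolicy.content.disallowEval();

  // 2. Remove the default client-side write access to `profile`.
  Meteor.users.deny({ update: denyClientProfileUpdate });

  // 3. Limit the `login` DDP method to 3 calls per 10 seconds per
  //    connection. A matcher function returning true matches every
  //    connection, and the counter is kept per distinct connectionId.
  const loginRule = {
    type: 'method',
    name: 'login',
    connectionId() { return true; },
  };
  DDPRateLimiter.addRule(loginRule, 3, 10000);
  return loginRule;
}
```

Note that accounts-base already registers a default rule for `login` (5 attempts per 10 seconds per connection); call `Accounts.removeDefaultRateLimit()` before adding the stricter rule so the two do not both apply. Disallowing inline scripts requires a recent Meteor that serves its runtime configuration as a separate script, and any custom inline `<script>` tags in the app will stop running until they are moved to files.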