Dear Meat! Team, dear Meat! Community,
Installing Meat on an public ip at the moment is dangerous for your private data, since Meat! hasn’t implemented any firewall setting or closing policy yet.
1.) Open Redis Server
The default redis port is open and fully accessible, so you can query with curl data out from it
2.) Open MongoDB Server
Same here, you actually can get a list of all mongodb databases, for free
Request: Meat! no one needs my data from outside, please make sure these daemons are only listening on 127.0.0.1 or apply iptables for that
Workaround: While working on a larger VMWare Installation, the firewall is managed from outside (in my case pfsense), so I can block the default ports just form there.
Additional security issue: Everyone, who is familar with Meat!, will know meaturl:8080 is the admin access to your Meat! Instance. There is no option of master password for this area. You will still have the work with firewall and close the ports 8080 + 8443 and open them on demand.