Limit the depth of queries that can be executed.
Description
4. Mitigate malicious mutations
Limit mutation scope and complexity
Mutations are a powerful feature in GraphQL, but they also introduce more risk to your API than queries do. In fact, it's possible for an attacker to write a single mutation that could wipe out all data in your database, or even delete the entire database! To mitigate this risk, we recommend limiting the ability of users to perform dangerous mutations by:
1) limiting access based on identity;
2) limiting access based on permissions;
3) using Apollo Server's built-in authorization features (see above).
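As an added example (not code from the page or from Apollo Server itself), the resolver wrapper below applies the identity and permission checks described above to a destructive mutation and additionally caps how many records one call may delete. The names requirePermission, deletePosts, the posts:delete permission and the in-memory store are assumptions.

```javascript
// Added example: guarding a destructive GraphQL mutation in a resolver wrapper.
// Assumes the server populates context.user from a verified token before
// any resolver runs (as Apollo Server's context function is commonly used).

class AuthorizationError extends Error {
  constructor(message) { super(message); this.name = 'AuthorizationError'; }
}

// Wrap a resolver so it only executes for an authenticated caller that holds
// the required permission; otherwise the resolver body is never reached.
function requirePermission(permission, resolver) {
  return (parent, args, context, info) => {
    const user = context && context.user;
    if (!user) {                                   // 1) identity: who is calling?
      throw new AuthorizationError('Authentication required');
    }
    const perms = Array.isArray(user.permissions) ? user.permissions : [];
    if (!perms.includes(permission)) {             // 2) permission: may they do this?
      throw new AuthorizationError(`Missing permission: ${permission}`);
    }
    return resolver(parent, args, context, info);
  };
}

// Constructed in-memory store standing in for a real database.
function createStore() {
  return { posts: new Map([[1, 'hello'], [2, 'world'], [3, 'again']]) };
}

// Cap the blast radius: even an authorized caller cannot wipe the whole
// table with a single mutation.
const MAX_DELETE_PER_CALL = 10;

const resolvers = {
  Mutation: {
    deletePosts: requirePermission('posts:delete', (_parent, { ids }, ctx) => {
      if (ids.length > MAX_DELETE_PER_CALL) {
        throw new Error(`At most ${MAX_DELETE_PER_CALL} post(s) per mutation`);
      }
      let deleted = 0;
      for (const id of ids) if (ctx.store.posts.delete(id)) deleted++;
      return deleted;                              // number of rows removed
    }),
  },
};

// Convenience entry point: invoke the guarded resolver as the server would.
function runDeletePosts(user, ids, store) {
  return resolvers.Mutation.deletePosts(null, { ids }, { user, store }, null);
}
```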
https://t.co/YXfCXoMB4H
References