If you pick a random GraphQL framework and run it with default settings in production, disaster is waiting to happen.
Description

2. The security of your API depends on the quality of the parser

GraphQL parsers are not created equal! Some libraries use regular expressions to parse operations, while others rely on more sophisticated approaches such as ANTLR or even hand-written parsers. This means that some libraries will parse operations faster than others, but also that some of them may have problems when dealing with malicious inputs. I'm sure we all agree: no one wants their application to crash because someone sent it a malicious request.
https://t.co/0Lx6fKycys
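To make the point concrete, here is an added example (hypothetical code, not from the linked post or from any GraphQL library) of what "parser quality" means from a defensive standpoint: a small recursive-descent parser for the selection-set subset of GraphQL that enforces a maximum document size and a maximum nesting depth, and that turns every bad input into a controlled error instead of an exception that can take the process down. The limits, the function names and the sample queries are all assumptions made for this illustration.

```javascript
'use strict';
// Added example: a minimal, deliberately defensive parser for the
// selection-set subset of GraphQL ({ field { subfield } ... }).
// Hypothetical code, not taken from any GraphQL implementation.

// Assumed limits: real services tune these to their schema and clients.
const LIMITS = { maxBytes: 8 * 1024, maxDepth: 10 };

// Every failure caused by bad input is raised as a ParseError so that
// the caller can distinguish "client sent garbage" from "parser bug".
class ParseError extends Error {}

// Tokenizer: single-character regexes only, so no catastrophic
// backtracking is possible regardless of the input.
function tokenize(src) {
  const tokens = [];
  let i = 0;
  while (i < src.length) {
    const ch = src[i];
    if (ch === ' ' || ch === '\n' || ch === '\t' || ch === '\r' || ch === ',') { i++; continue; }
    if (ch === '{' || ch === '}') { tokens.push({ kind: ch, pos: i }); i++; continue; }
    if (/[_A-Za-z]/.test(ch)) {
      let j = i + 1;
      while (j < src.length && /[_0-9A-Za-z]/.test(src[j])) j++;
      tokens.push({ kind: 'name', value: src.slice(i, j), pos: i });
      i = j;
      continue;
    }
    throw new ParseError(`unexpected character ${JSON.stringify(ch)} at ${i}`);
  }
  return tokens;
}

// Recursive descent with an explicit depth bound: recursion can never go
// deeper than LIMITS.maxDepth, so a deeply nested document cannot blow
// the call stack.
function parseSelectionSet(tokens, state, depth) {
  if (depth > LIMITS.maxDepth) throw new ParseError(`nesting exceeds ${LIMITS.maxDepth}`);
  const open = tokens[state.i];
  if (!open || open.kind !== '{') throw new ParseError(`expected '{' at token ${state.i}`);
  state.i++;
  const fields = [];
  for (;;) {
    const t = tokens[state.i];
    if (!t) throw new ParseError("unexpected end of input, missing '}'");
    if (t.kind === '}') { state.i++; break; }
    if (t.kind !== 'name') throw new ParseError(`expected field name at ${t.pos}`);
    state.i++;
    const field = { name: t.value, selections: null };
    if (tokens[state.i] && tokens[state.i].kind === '{') {
      field.selections = parseSelectionSet(tokens, state, depth + 1);
    }
    fields.push(field);
  }
  if (fields.length === 0) throw new ParseError('empty selection set');
  return fields;
}

// Pre-parse size check, optional "query [Name]" prefix, then the
// selection set; trailing tokens are an error rather than being ignored.
function parseDocument(src) {
  if (typeof src !== 'string') throw new ParseError('document must be a string');
  const bytes = new TextEncoder().encode(src).length;
  if (bytes > LIMITS.maxBytes) throw new ParseError(`document exceeds ${LIMITS.maxBytes} bytes`);
  const tokens = tokenize(src);
  const state = { i: 0 };
  if (tokens[0] && tokens[0].kind === 'name' && tokens[0].value === 'query') {
    state.i = 1;
    if (tokens[1] && tokens[1].kind === 'name') state.i = 2;
  }
  const selections = parseSelectionSet(tokens, state, 1);
  if (state.i !== tokens.length) {
    throw new ParseError(`trailing tokens at ${tokens[state.i].pos}`);
  }
  return selections;
}

// The boundary a request handler would call: bad input yields
// { ok: false, error }, anything else is a real bug and is re-thrown.
function parseSafely(src) {
  try {
    return { ok: true, selections: parseDocument(src) };
  } catch (e) {
    if (e instanceof ParseError) return { ok: false, error: e.message };
    throw e;
  }
}

// Constructed sample documents: one well-formed query, one nested far
// beyond the limit, one truncated, and one containing a stray character.
const SAMPLES = {
  valid: 'query Viewer { viewer { login repos { name } } }',
  nested: '{' + 'a{'.repeat(50) + 'b' + '}'.repeat(50) + '}',
  truncated: '{ viewer { login ',
  junk: '{ viewer ; }',
};

for (const [label, doc] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(parseSafely(doc)));
}
```

The two properties worth copying into a real deployment are the ones a regex-based or limit-free parser typically lacks: bounded work per input (size and depth are checked before the expensive part runs) and a single, typed failure path, so that a malformed or hostile document is logged and rejected rather than crashing the worker.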
