Discussion on: Hasura GraphQL - First impressions

Praveen Durairaju

Nice post :)

Regarding your point

Right now there is no option to guard your GraphQL API against malicious queries integrated.

Hasura has Allow Lists, which are lists of safe queries that restrict the GraphQL engine so that it executes only those queries that are present in the list. More on docs

But I agree, we don't have rate limiting and stuff which is required for many use cases, and it is a work in progress right now :)

C.B.W.

Yes, you're right, Allow Lists was a good first step in that direction. But there are some use cases which they don't cover, like public APIs or quickly changing queries.

I'd love to see some kind of query limiting / cost analysis in Hasura. Maybe coupled with Postgres EXPLAIN?

Also rate limiting would be nice to have. That's mentioned on hasura.io as part of the coming Pro services. Curious to see how that turns out.

I'm sure the Hasura team figures all that out 😆
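
Added example, not part of the thread and not Hasura code: a pre-check that a gateway in front of the GraphQL engine could run, using exact allow-list membership when the client queries are known and a depth / selection-set bound when they are not (the public API case raised above). The names `checkQuery`, `measure` and `normalize`, the limits and the sample queries are assumptions made for illustration.

```javascript
// Added example, not Hasura code; checkQuery, measure and the limits are hypothetical.
const STRING = /"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"/.source;
const SKIP = /(?:\s|,|#[^\n]*)+/.source; // whitespace, commas, comments: insignificant
const LEX = new RegExp(`${STRING}|${SKIP}`, 'g');

// Allow-list key: collapse insignificant runs, leave string literals untouched.
const normalize = (q) => q.replace(LEX, (m) => (m[0] === '"' ? m : ' ')).trim();

// Shape of a query that cannot be listed in advance (public API, fast-changing clients).
function measure(query) {
  const text = query.replace(LEX, (m) => (m[0] === '"' ? '""' : ' '));
  let parens = 0, depth = 0, maxDepth = 0, selectionSets = 0, balanced = true;
  for (const ch of text) {
    if (ch === '(') parens++;
    else if (ch === ')') parens--;
    else if (parens > 0) continue; // braces in arguments are input objects: where: {id: {_eq: 1}}
    else if (ch === '{') { selectionSets++; maxDepth = Math.max(maxDepth, ++depth); }
    else if (ch === '}') depth--;
    if (parens < 0 || depth < 0) balanced = false;
  }
  // Named fragment spreads are not expanded here; the caller rejects them (fail closed).
  const namedSpread = /\.\.\.\s*(?!on\b)[A-Za-z_]/.test(text);
  return { maxDepth, selectionSets, namedSpread, balanced: balanced && parens === 0 && depth === 0 };
}

function checkQuery(query, { allowList = null, maxDepth = 4, maxSelectionSets = 10 } = {}) {
  if (allowList) { // closed set of clients: exact membership only
    return allowList.has(normalize(query))
      ? { ok: true }
      : { ok: false, reason: 'not in allow list' };
  }
  const m = measure(query); // open set of clients: bound the shape instead
  if (!m.balanced) return { ok: false, reason: 'unbalanced query' };
  if (m.namedSpread) return { ok: false, reason: 'named fragments not supported' };
  if (m.maxDepth > maxDepth) return { ok: false, reason: `depth ${m.maxDepth} > ${maxDepth}` };
  if (m.selectionSets > maxSelectionSets) return { ok: false, reason: 'too many selection sets' };
  return { ok: true };
}

// Constructed sample queries (table and field names are made up).
const LISTED = 'query { authors { id name } }';
const FILTERED = 'query { authors(where: {id: {_eq: 1}}) { id articles { title } } }';
const NESTED = 'query { authors { articles { author { articles { author { id } } } } } }';
```

The structural bound only limits how a query is nested; it says nothing about how expensive the generated SQL is, which is what the Postgres EXPLAIN idea above would address.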