Posts

Showing posts with the label max limit

Enhancing security when using GraphQL

Introduction

In previous articles I have provided guidance on using GraphQL in project development. The flexibility of GraphQL, however, also brings security risks that its defaults do not fully cover. In this article I will walk through two simple but effective ways to enhance security:

Limit data: This applies not only to GraphQL but also to RESTful APIs, and it is the minimum necessary action to prevent Massive Data Retrieval attacks. By default, a query fetches all records in the table; if your database holds millions of records, your system will run Out of Memory (RAM crash) almost immediately from processing and parsing the huge JSON payload.

GraphQL depth limit: Prevents Deep Nested Query attacks. In practical use cases, tables always have relations with each other. If hackers discover these relationships, they can write nested queries 20-30 levels deep (such as users -> orders -> products -> order -> us...