Description
- Note that disabling GraphiQL does NOT prevent people from inspecting your schema, documentation, etc.; they can simply run their own copy of GraphiQL against your endpoint
- Beware of the security issues specific to each authentication mechanism; break this down by type of auth: JWT, cookies, etc.
- Prevent DoS attacks: analyse incoming requests for complexity and only let them through if they are simple enough; require limits on all collections; etc. The simplest workaround is to whitelist the exact queries you use
- Ensure logging isn't excessive!
- Ensure Row Level Security is enabled on every table
More to come