Hi guys, We are trying to migrate from MySQL to dgraph and we want to use GraphQL API by implementing our schema after the migration, but we do not know how we can limit and prevent malicious queries. for example what is the solution to prevent user or attacker from requesting 1000000 results(by s…

Welcome to the forms @pshaddel ! Dgraph has an @auth directive that I believe you can use to do what you’re asking. For example: type Todo @auth( query: { rule: """ query { queryTodo(first: 100) { id } }""" } ){ id: ID! t…

Thank you Jonathan. I just checked the query and it is working fine with filters and all the other stuff. Good luck

@jdgamble555 Hi Jonathan, When I was testing this in Jun 12 it was working fine but right now it is not working and I cannot limit number of results. I created a backend with only one type exactly like what you noted down here: type Todo @auth( query: { rule: """ query { …

I was able to reproduce this same error. I am wondering if you were recently upgraded from 20.11, and if the upgrade caused the bug? Do you know by chance? If so, then it may be a bug that needs to be reported in 21.03. J

I was testing it in dgraph cloud so I think this is because of the upgrade.

@MichelDiz - This is a Bug, should I create a new thread for this? J

I created this after I realized this is a bug: [image] Bug: Cannot limit number of results using auth directive to prevent malicious... Issues GraphQL …

How can we secure the GraphQL API from malicious queries in Dgraph?

Users GraphQL

pshaddel (Poorshad Shaddel) July 31, 2021, 6:33am 8

I created this after I realized this is a bug:

Topic		Replies	Views
Bug: Cannot limit number of results using auth directive to prevent malicious queries GraphQL auth , status:accepted , kind:bug , ticket:created	4	1210	January 25, 2022
Rate Limit in Dgraph Dgraph	12	1577	February 5, 2022
DQL queries need to respect GraphQL @auth rules Dgraph auth , dgraph , area:security	7	1680	October 1, 2020
Auth is really slow GraphQL kind:enhancement , kind:bug	0	600	November 12, 2021
[BUG] Dgraph is limiting query results that use "order" to 1000 GraphQL kind:bug	3	1400	November 26, 2021

How can we secure the GraphQL API from malicious queries in Dgraph?

Related topics