Is there any way to set up a whitelist of queries an external client could perform? Something like this. Or is there any other way to protect against malicious exponentially nested queries? @auth directives seem to be type-based and won’t protect against complex aggregations or deeply nested queries. Also I would prefer to keep the ability to call unrestricted GraphQL queries for an authenticated backend.
No, currently we don’t have any support to restrict the exponentially nested queries.
Thank you for your answer. Is there any plan/timeline to implement this? I’m working on a hobby project and do not expect any attacks, but I’m a little bit afraid to invest in using Dgraph and suddenly have an unusable server with no easy way to fix it.
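An added example, not part of the original thread and not Dgraph code: one way to get the whitelist asked about in the first post is a small gate in front of the GraphQL endpoint, where external clients send only the id of a pre-registered query and the authenticated backend keeps sending raw queries. The function names, `MAX_DEPTH` and the sample queries are assumptions made for illustration, and the depth count is a brace-nesting approximation rather than a full GraphQL parser.

```python
import hashlib

MAX_DEPTH = 3  # assumed policy: deepest selection nesting exposed to external clients
# Constructed sample queries (type and field names are hypothetical).
SHALLOW = 'query { queryUser(filter: {name: {eq: "a{b"}}) { name posts { title } } }'
DEEP = "query { queryUser { friends { friends { friends { name } } } } }"

def selection_depth(query: str) -> int:
    """Deepest nesting of selection sets; braces in (...) arguments, strings and # comments are skipped."""
    depth = deepest = parens = i = 0
    while i < len(query):
        ch = query[i]
        if ch == '"':  # string or """block string""": jump to the closing quote
            quote = '"""' if query.startswith('"""', i) else '"'
            i += len(quote)
            while i < len(query) and not query.startswith(quote, i):
                i += 2 if query[i] == "\\" else 1
            i += len(quote)
            continue
        if ch == "#":  # comment runs to the end of the line
            end = query.find("\n", i)
            i = len(query) if end < 0 else end
            continue
        if ch in "()":
            parens += 1 if ch == "(" else -1
        elif ch in "{}" and parens == 0:
            depth += 1 if ch == "{" else -1
            deepest = max(deepest, depth)
        i += 1
    return deepest

def register(allowlist: dict, query: str) -> str:
    """Add a reviewed query to the allowlist and return the id clients must send."""
    if "fragment " in query or selection_depth(query) > MAX_DEPTH:
        raise ValueError("too deep, or uses fragments that hide nesting from the count")
    query_id = hashlib.sha256(query.encode()).hexdigest()
    allowlist[query_id] = query
    return query_id

def resolve(allowlist: dict, request: dict, trusted: bool) -> str:
    """Return the query text to forward to the GraphQL endpoint, or raise PermissionError."""
    if trusted:  # authenticated backend keeps unrestricted queries
        return request["query"]
    query = allowlist.get(str(request.get("id")))  # raw "query" text from outside is ignored
    if query is None:
        raise PermissionError("unknown query id")
    return query
```

Variables would still be forwarded alongside the resolved query text, so allowlisted queries should take their inputs as GraphQL variables rather than being rebuilt per request.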