Hacker News

verdverm, last Sunday at 7:09 PM (3 replies)

That's something you should only really do in development, and then cement for production. Having open queries where an attacker can find interesting resolver interactions in production is asking for trouble.


Replies

Aurornis, last Sunday at 10:36 PM

> That's something you should only really do in development, and then cement for production

My experience with GraphQL in a nutshell: a lot of effort and complexity to support open-ended queries which we then immediately disallow and replace with a fixed set of queries that could have been written as their own endpoints.

fgkramer, last Sunday at 8:28 PM

But has this been thoroughly documented and are there solid libraries to achieve this?

My understanding is that this is not part of the spec and that the only way to achieve this is to sign/hash documents on clients and server to check for correctness.

hdjrudni, last Sunday at 8:07 PM

Sure, maybe you compile away the query for production but the server still needs to handle all the permutations.
