Tweaks to complexity limits.

This commit is contained in:
Jesse Rosenberger 2018-04-29 21:11:30 +03:00
parent 23529ac9bc
commit 196ae929ac


@ -69,6 +69,8 @@ There are two common techniques to mitigate CDoS risks, and can be enabled toget
2. **Complexity limits**
Complexity limits, which limit the depth of an operation can be implemented using community packages like [graphql-depth-limit](https://github.com/stems/graphql-depth-limit) and [graphql-validation-complexity](https://github.com/4Catalyzer/graphql-validation-complexity). These can be used to avoid situations where a query is sent which, for example, requests a list of books, the authors of _those_ books, the books of _those_ authors, and so on. By limiting operations to an application-defined depth of "_n_", these can be easily prevented.
These can be used to limit the use of queries which, for example, request a list of books including the authors of each book, plus the books of those authors, and _their_ authors, and so on. By limiting operations to an application-defined depth of "_n_", these can be easily prevented.
We suggest implementing complexity limits using community-provided packages like [graphql-depth-limit](https://github.com/stems/graphql-depth-limit) and [graphql-validation-complexity](https://github.com/4Catalyzer/graphql-validation-complexity).
> For additional information on securing a GraphQL server deployment, check out [Securing your GraphQL API from malicious queries](https://dev-blog.apollodata.com/securing-your-graphql-api-from-malicious-queries-16130a324a6b) by Spectrum co-founder, Max Stoiber.
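Review bot: the added lines still describe the whole control as limiting operations "to an application-defined depth of '_n_'", but the two packages they recommend implement different checks: graphql-depth-limit rejects operations whose nesting exceeds a maximum depth, while graphql-validation-complexity assigns a cost to each field and rejects operations whose total cost exceeds a budget. A shallow query that fans out across large list fields passes a depth limit yet can still be expensive, so the section would be clearer if it named both kinds of limit, e.g. "Depth limits cap how deeply an operation may nest; complexity (cost) limits cap the estimated total work of an operation, including wide list fields." Also, "these can be easily prevented" in the first added line has no clear antecedent; "such operations can be rejected before execution" reads better.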