Prisma1: Security Precautions

Created on 5 Aug 2018  ·  10 Comments  ·  Source: prisma/prisma1

Is your feature request related to a problem? Please describe.
Security is obviously of prime importance, and I’m exploring various potential security loopholes prior to release of our Prisma Cloud-based SaaS. This excellent essay by @mxstbr opened my eyes to some of the potential issues we’d need to be ready for.

Describe the solution you'd like
Thus far I’m not seeing any of these issues addressed in the new Prisma Docs — for example, how to implement rate limitation, depth limitation, and query cost analysis. Is that because it’s not really within Prisma’s scope to offer these services or docs, or is it something that will be explained and implemented in the future?

Labels: kind/feature · area/docs

All 10 comments

Hey @heymartinadams, thanks a lot for bringing this up! Topics like rate limiting and depth limitation are indeed not really in the scope of Prisma as they're typically implemented in _public facing_ APIs which is not how Prisma is intended to be used. So these mechanisms need to be implemented on the _application layer_ rather than the Prisma layer.

In any case, we're planning to add a new Best practices section to our new docs soon! We'll cover these topics there, I'm leaving this issue open until then!
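To make the "application layer" point concrete, here is an added example of what such a guard can look like in the Node.js layer that sits in front of Prisma. It is not code from the Prisma project or from anyone in this thread: it implements a query depth limit and a per-client token-bucket rate limit that run before an operation is forwarded to the data layer. The depth walker is a constructed brace-counting scan of the raw query text (it skips strings, block strings and `#` comments) rather than the `graphql` parser, so it runs stand-alone; it does not expand fragment spreads, so a production deployment would do the same walk over the parsed AST. All names (`queryDepth`, `TokenBucket`, `guardRequest`, the `maxDepth` default) are this example's own.

```javascript
// Application-layer GraphQL guards (constructed example, not Prisma code).

// Depth of nested selection sets below the operation's root selection set:
// "{ a { b { c } } }" has depth 2. Strings and comments are skipped so that a
// brace inside an argument value does not distort the count.
function queryDepth(query) {
  let depth = 0;
  let max = 0;
  let inString = false;
  let inComment = false;
  for (let i = 0; i < query.length; i++) {
    const c = query[i];
    if (inComment) {
      if (c === "\n") inComment = false;
      continue;
    }
    if (inString) {
      if (c === "\\") i++; // skip the escaped character
      else if (c === '"') inString = false;
      continue;
    }
    if (query.startsWith('"""', i)) {
      // block string: jump to its closing triple quote
      const end = query.indexOf('"""', i + 3);
      i = end < 0 ? query.length : end + 2;
      continue;
    }
    if (c === "#") { inComment = true; continue; }
    if (c === '"') { inString = true; continue; }
    if (c === "{") {
      depth++;
      if (depth > max) max = depth;
    } else if (c === "}") {
      depth--;
    }
  }
  return Math.max(0, max - 1); // outermost braces are the root selection set
}

// Per-client token bucket. `nowMs` is injected so the behaviour is testable
// without a real clock.
class TokenBucket {
  constructor(capacity, refillPerSecond) {
    this.capacity = capacity;
    this.refill = refillPerSecond;
    this.buckets = new Map();
  }
  take(key, nowMs) {
    let b = this.buckets.get(key);
    if (!b) {
      b = { tokens: this.capacity, last: nowMs };
      this.buckets.set(key, b);
    }
    const elapsedSec = Math.max(0, nowMs - b.last) / 1000;
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refill);
    b.last = nowMs;
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return true;
    }
    return false;
  }
}

// Cheap check (rate) first, then the query-shape check, then forward.
function guardRequest(limiter, clientId, query, nowMs, maxDepth = 5) {
  if (!limiter.take(clientId, nowMs)) {
    return { allowed: false, reason: "rate limit exceeded" };
  }
  const depth = queryDepth(query);
  if (depth > maxDepth) {
    return { allowed: false, reason: `query depth ${depth} exceeds ${maxDepth}` };
  }
  return { allowed: true, depth };
}

// Constructed sample: a deeply nested query that a public API should refuse.
const deepQuery = "{ users { posts { comments { author { name } } } } }";
const limiter = new TokenBucket(10, 1);
console.log(guardRequest(limiter, "client-a", deepQuery, Date.now(), 3));
```

Wiring this in front of the resolvers (for example as middleware that reads the `query` field of the POST body and the client key from the authenticated session) keeps the limits where nikolasburk places them: in the application, not in Prisma.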

Here’s another great security resource (adding this to the discussion for reference): https://graphqlmastery.com/blog/graphql-security-in-node-js-project

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Hey bot, I’d still be interested in a Best practices section ☺️

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Perhaps we should keep it open, @nikolasburk?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.

Bot... keep it open, please.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.

Added the feature label so that bot doesn't mark this as stale.
