======================
Security consideration
======================

In this section, we will discuss the most common security risks and how to mitigate them.

As GraphQL is a query language, it allows users to use a wider range of inputs than traditional REST APIs.
Due to this feature, GraphQL APIs are inherently prone to various security risks, but they can be reduced by taking
appropriate precautions. Neglecting them can expose the API to vulnerabilities like credential leakage or denial of
service attacks.

As Graphene is only an engine to run GraphQL queries, it is not responsible for the HTTP layer, and this security must be
handled by the web framework you are using. For example, if you are using Django-GraphQL, you may also want to check out
the `Django documentation`_ on how to secure your API.

.. toctree::
   :maxdepth: 1

   maxdepth
   introspection
   customvalidation
   dast

.. _Django documentation: https://docs.djangoproject.com/en/4.1/topics/security/