graphql-sequelize-crud icon indicating copy to clipboard operation
graphql-sequelize-crud copied to clipboard

Published 20 hours ago verified publisher icon Glavin001

Security issue, the alternative

Open Yehonal opened this issue 5 years ago • 0 comments

This library has a security issue:

even if you apply a middleware on a table, this middleware is not applied on same table when called in a nested query. So, for example, if you create an auth middleware on a table, you can access to private data via nested queries instead.

There's an alternative library on which i'm working on currently: https://github.com/alirizwan/sequelize-graphql-schema/ without this issue

Yehonal avatar Jan 24 '19 15:01 Yehonal