
In my mind that's just an insert that joins the contracts table and makes a case active_contracts < 3 then true else false, for the require_sign_off column.



You cannot trust the query issuer (Browser or App on the client). If you have a public GraphQL API, you need to enforce these rules. If you can just alter the query to bypass the business rule, this is called a security hole.
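Added example, not part of either comment above: a sketch of enforcing the rule on the server by combining the insert-with-CASE idea from the first comment with the second comment's point that the client's query cannot be trusted. Everything in the schema except the names `contracts` and `require_sign_off` is an assumption, as are the sample rows and the use of SQLite.

```python
import sqlite3

# Hypothetical schema: the thread names only "contracts" and "require_sign_off".
SCHEMA = """
CREATE TABLE contracts (id INTEGER PRIMARY KEY, customer_id INTEGER, active INTEGER);
CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, amount INTEGER,
                     require_sign_off INTEGER NOT NULL);
"""

# The only fields a client may set; require_sign_off is deliberately absent.
CLIENT_FIELDS = {"customer_id", "amount"}

# The rule lives in a statement the server owns: the flag is computed from
# the contracts table at insert time (active_contracts < 3 -> true).
INSERT_ORDER = """
INSERT INTO orders (customer_id, amount, require_sign_off)
SELECT :customer_id, :amount, CASE WHEN COUNT(*) < 3 THEN 1 ELSE 0 END
FROM contracts WHERE customer_id = :customer_id AND active = 1
"""

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [(1, 1), (1, 1), (1, 0),      # customer 1: 2 active, 1 inactive
            (2, 1), (2, 1), (2, 1)]      # customer 2: 3 active
    conn.executemany("INSERT INTO contracts (customer_id, active) VALUES (?, ?)", rows)
    return conn

def create_order(conn, client_input):
    """Insert an order from untrusted input and return the derived flag."""
    extra = set(client_input) - CLIENT_FIELDS
    if extra:  # e.g. a client trying to set require_sign_off itself
        raise ValueError(f"client may not set: {sorted(extra)}")
    params = {k: int(client_input[k]) for k in CLIENT_FIELDS}
    cur = conn.execute(INSERT_ORDER, params)
    flag = conn.execute("SELECT require_sign_off FROM orders WHERE id = ?",
                        (cur.lastrowid,)).fetchone()[0]
    return bool(flag)

if __name__ == "__main__":
    db = make_db()
    print(create_order(db, {"customer_id": 1, "amount": 500}))   # True
    print(create_order(db, {"customer_id": 2, "amount": 500}))   # False
    try:
        create_order(db, {"customer_id": 1, "amount": 500, "require_sign_off": False})
    except ValueError as exc:
        print("rejected:", exc)
```

In a GraphQL server the same separation would sit in the mutation resolver: the input type omits `require_sign_off`, and the resolver runs the server-owned statement.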



