Yes sure, but even if the user is authorized, I don't think we should simply let him run any query of his choice directly on the database.
RESTful services are, to me, a good way of orchestrating backend calls, and it has its pros and cons versus GraphQL.
To be honest I don't know GraphQL enough though !
Most db -> graphql layers (like hasura or postgraphile) respect and/or even take into account the security policies and roles of the db when generating the graphql schema (basically the list of types, queries, and mutations that you can use to build graphql queries).
A graphql query (basically a GET request) or mutations (basically a POST request) would never simply be mapped to a raw sql query.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Yes sure, but even if the user is authorized, I don't think we should simply let him run any query of his choice directly on the database.
RESTful services are, to me, a good way of orchestrating backend calls, and it has its pros and cons versus GraphQL.
To be honest I don't know GraphQL enough though !
Most db -> graphql layers (like hasura or postgraphile) respect and/or even take into account the security policies and roles of the db when generating the graphql schema (basically the list of types, queries, and mutations that you can use to build graphql queries).
A graphql query (basically a GET request) or mutations (basically a POST request) would never simply be mapped to a raw sql query.