I wonder about security of GraphQL, esp for C-UD

Also,

• Risk of SQL injections
• Securing endpoints

Not directly related, but I also worry about GraphQL-NoSQL.

• What if I don't want to define a schema?

The worries come from here. Why couldn't frontend dev just write SQL?

Comments

[Ari Kalfus]

I just posted a comment on that other post - there is definitely a lot more "work" you need to do to secure a GraphQL endpoint that, these days, you get built-in with your chosen SQL ORM or library.