
> I think the only reasonable way to use GraphQL is to only allow a set of whitelisted queries

That's already how it works, it is not an open ended SQL query. The GraphQL schema is the whitelist.



No, I mean a whitelist of full GraphQL queries with string/number arguments, where you can only run one of the queries in the whitelist, and the client can only choose which query and the string/number values, but not submit an arbitrary query string.
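The scheme the comment above describes is usually called "persisted queries" or an operation allowlist: the server stores the full GraphQL documents, and a request carries only an operation identifier plus variables. The following is an added illustration, not code from this thread or from any GraphQL library; the operation names, the two stored documents and the request shape (`operationId` / `variables`) are assumptions made for the example.

```python
"""Operation allowlist ("persisted queries") gate for a GraphQL endpoint.

Added example: the client may only name a stored operation and supply
typed variables. Raw query documents are refused even if their text would
match a stored one. Operation names and documents below are constructed.
"""

# Constructed allowlist: operation id -> full document + expected variable types.
# In a real deployment this is generated at build time from the client's
# committed queries, so the server never learns a document from a client.
ALLOWED_OPERATIONS = {
    "userById": {
        "document": "query userById($id: ID!) { user(id: $id) { id name } }",
        "variables": {"id": str},
    },
    "recentPosts": {
        "document": "query recentPosts($limit: Int!) { posts(limit: $limit) { id title } }",
        "variables": {"limit": int},
    },
}


class RejectedRequest(Exception):
    """Raised for any request that is not an exact allowlisted operation."""


def validate_request(request):
    """Return (document, variables) for an allowlisted request, else raise.

    The returned document is what gets handed to the GraphQL executor; the
    client-supplied part of the request never reaches the executor as text.
    """
    # The whole point of the allowlist: no query string is accepted, ever.
    # Checking this first also closes the "register a new document on cache
    # miss" path that automatic-persisted-query implementations leave open.
    if "query" in request:
        raise RejectedRequest("raw query documents are not accepted")

    op_id = request.get("operationId")
    entry = ALLOWED_OPERATIONS.get(op_id)
    if entry is None:
        raise RejectedRequest("unknown operation %r" % (op_id,))

    variables = request.get("variables", {})
    if not isinstance(variables, dict):
        raise RejectedRequest("variables must be an object")

    expected = entry["variables"]
    # Exact variable set: no missing and, more importantly, no extra names
    # that a permissive executor might silently ignore or a resolver might read.
    if set(variables) != set(expected):
        raise RejectedRequest("variable set does not match operation %r" % (op_id,))

    for name, typ in expected.items():
        value = variables[name]
        # bool is a subclass of int in Python; a JSON true must not pass as Int.
        if isinstance(value, bool) or not isinstance(value, typ):
            raise RejectedRequest("variable %r must be %s" % (name, typ.__name__))

    return entry["document"], variables


def is_accepted(request):
    """Convenience predicate for callers that only need an allow/deny answer."""
    try:
        validate_request(request)
        return True
    except RejectedRequest:
        return False


if __name__ == "__main__":
    # Constructed requests: one legitimate, three that an allowlist must refuse.
    good = {"operationId": "userById", "variables": {"id": "42"}}
    introspection = {"query": "{ __schema { types { name } } }"}
    wrong_type = {"operationId": "recentPosts", "variables": {"limit": "10"}}
    extra_var = {"operationId": "userById", "variables": {"id": "42", "admin": True}}
    for req in (good, introspection, wrong_type, extra_var):
        print(is_accepted(req), req)
```

Note that this gate only restricts *which* documents run; it says nothing about what the resolvers behind those documents do with `id` or `limit`, so authorization and input limits still belong in the resolvers. The reverse is also true: a strict schema (the point made earlier in the thread) limits the shape of what can be asked, but without an allowlist a client can still compose deeply nested or very wide documents from that schema, which is the cost-control and attack-surface concern the allowlist addresses.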


The schema you expose can do that afaik.



