My presentation about GraphQL Security
- Overview: Query, Mutation, Subscription
- What kinds of attacks?
- Limit query complexity
- Disable introspection query
- Limit introspection
- Whitelist queries (persisted queries)
- Other solutions (infrastructure)
- Programmatically: Middleware
- Mutation Middleware: Roles
- viewerCanSee() (not added)