Security questions
Hi!
I love convex, but now i face a project restricted on the security front. So a couple of questions:
*There is no native apikey or token exchange between client and server, and the convex backend url is sent to the front (next_public_convex_url),
Does this means that anyone with knowledge of the schema could attack and steal my data (for example a former developer from my team?)
(in classical scenarios i rotate the passwords and that's about it, but in convex there is no such mechanism, the front directly query the data without any authentication.)
* Currently you invite team members to a team, and that team has access to all projects in it, ¿Is there access control or granularity per project?
I may not want all people accessing all data
Thank you for your help!
I love convex, but now i face a project restricted on the security front. So a couple of questions:
*There is no native apikey or token exchange between client and server, and the convex backend url is sent to the front (next_public_convex_url),
Does this means that anyone with knowledge of the schema could attack and steal my data (for example a former developer from my team?)
(in classical scenarios i rotate the passwords and that's about it, but in convex there is no such mechanism, the front directly query the data without any authentication.)
* Currently you invite team members to a team, and that team has access to all projects in it, ¿Is there access control or granularity per project?
I may not want all people accessing all data
Thank you for your help!
