Nopecio
CCConvex Community
•Created by Nopecio on 1/28/2025 in #support-community
Security questions
But still you would need a public function or action to call that internal one, so the basic problem is not solved
12 replies
CCConvex Community
•Created by Nopecio on 1/28/2025 in #support-community
Security questions
thank you!
12 replies
CCConvex Community
•Created by Nopecio on 1/28/2025 in #support-community
Security questions
Thank you, but that means i have to create that extra security layer for all my exported queries/mutations and actions?
if i have an exported deleteAllData mutation (in the api, like api.db.deleteAll), i could in theory use the console to invoke that method and have all my data erased without having access to the dashboard or cli, is this correct?
I know it should be lousy design, but a more practicall example would be changing the queries to obtain restricted data..
Thank you for your answers!
12 replies