Open amitava82 opened 1 year ago
https://github.com/himanshusr/graphql-react/blob/20f83806eecc298cf858a72b213a30b1bbc290ee/src/components/App.js#L11
I can see your secret in header dz6B8m6erQ930wncSC41sBvVQuXrIT3HkANuxW82U3lY1k9MGfLEWQvoOKR0e32Q. Now I can do anything on the DB. How do you think it can be secured?
By creating non-admin accounts in the Hasura backend, adding the required permissions, and adding an auth flow using JWT @amitava82
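The flow suggested in the reply above, sketched as an added example (not code from this repository): the browser sends only a per-user JWT, never the admin secret. The function names and the sample token are hypothetical; the claims namespace, the `x-hasura-*` claim keys and the two admin header names are Hasura's own. Hasura verifies the token signature and enforces role permissions server-side; the checks here only stop the client from shipping a privileged credential.

```javascript
const HASURA_CLAIMS = "https://hasura.io/jwt/claims"; // Hasura's default claims namespace
// Admin header names (current and legacy) that must never reach client code.
const FORBIDDEN_HEADERS = ["x-hasura-admin-secret", "x-hasura-access-key"];

// Decode the JWT payload without verifying it (verification is the server's job).
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  return JSON.parse(atob(parts[1].replace(/-/g, "+").replace(/_/g, "/")));
}

// Build request headers for an end user; reject tokens that are expired,
// malformed, or that would grant the admin role.
function hasuraHeadersForUser(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const payload = decodeJwtPayload(token);
  const claims = payload[HASURA_CLAIMS];
  if (!claims) throw new Error("token has no Hasura claims");
  const role = claims["x-hasura-default-role"];
  const allowed = claims["x-hasura-allowed-roles"] || [];
  if (!role || !allowed.includes(role)) throw new Error("default role not in allowed roles");
  if (allowed.includes("admin")) throw new Error("end-user token must not carry the admin role");
  if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) throw new Error("token expired");
  return { Authorization: `Bearer ${token}` };
}

// Guard to run on any header object before it is handed to the GraphQL client.
function assertNoAdminSecret(headers) {
  for (const name of Object.keys(headers)) {
    if (FORBIDDEN_HEADERS.includes(name.toLowerCase())) {
      throw new Error(`${name} must never be sent from the browser`);
    }
  }
  return headers;
}

// Constructed, unsigned sample token for illustration only.
function makeSampleToken(roles, exp) {
  const b64url = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const payload = {
    sub: "user-1", // constructed user id
    exp,
    [HASURA_CLAIMS]: {
      "x-hasura-default-role": roles[0],
      "x-hasura-allowed-roles": roles,
      "x-hasura-user-id": "user-1",
    },
  };
  return `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(payload)}.placeholder-signature`;
}
```
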