Comment by qw
4 years ago
Even if you solve the security issue, a query can easily bring down the server if it has a complex join query.
This could be solved by only exposing stored procedures, but that just moves the code to the database server instead of the REST service with the same problems as before.
You can also use a VIEW.
How does GraphQL make sure to respect table indexes? If not you get a super slow query.
You can still get performance issues with a view if you "select *" on a large amount of data, or join with other views. By exposing the SQL to a web page, you also open up for DDoS attacks more easily, as you can write complex SQL queries.
You can get the same problems with GraphQL or stored procedures too, of course, if the queries are not optimized correctly.
So what's the solution to this?
Because a human is writing the resolvers pulling the data from the database. Set whatever index you want to use.
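The two worries raised in the thread, an exposed query that runs an unbounded join and a query that never touches an index, can both be checked at the data-access layer before the database does the work. The following is an added example, not code from any commenter or from any of the projects mentioned; it uses Python's sqlite3 module on a constructed in-memory `orders` table (the table, the `idx_orders_customer` index and the step budget are assumptions chosen for the demo). It inspects the planner's output with `EXPLAIN QUERY PLAN` to reject statements that full-scan a table, and it uses the SQLite progress handler to abort any statement that exceeds a fixed instruction budget, so a runaway join fails fast instead of occupying the server.

```python
import sqlite3


def make_db(rows=20000):
    """Constructed demo data: an orders table with an index on customer."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer INTEGER, amount INTEGER)"
    )
    conn.executemany(
        "INSERT INTO orders (customer, amount) VALUES (?, ?)",
        ((i % 500, i) for i in range(rows)),
    )
    conn.execute("CREATE INDEX idx_orders_customer ON orders(customer)")
    return conn


def full_scans(conn, sql, params=()):
    """Return the plan steps that read a whole table without any index.

    EXPLAIN QUERY PLAN rows end with a text detail such as
    'SCAN orders' (full scan) or 'SEARCH orders USING INDEX ...'.
    """
    plan = conn.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    scans = []
    for row in plan:
        detail = row[-1]
        if detail.startswith("SCAN") and "USING" not in detail:
            scans.append(detail)
    return scans


class QueryBudgetExceeded(Exception):
    """Raised when a statement is interrupted for running too long."""


def run_bounded(conn, sql, params=(), max_steps=200_000):
    """Execute sql, aborting once roughly max_steps VM instructions have run.

    The progress handler is invoked every `granularity` instructions; a
    truthy return value makes SQLite interrupt the running statement.
    """
    granularity = 1000
    executed = {"steps": 0}

    def tick():
        executed["steps"] += granularity
        return executed["steps"] > max_steps

    conn.set_progress_handler(tick, granularity)
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.OperationalError as exc:
        if "interrupted" in str(exc):
            raise QueryBudgetExceeded(
                f"statement exceeded {max_steps} steps: {sql}"
            ) from exc
        raise
    finally:
        conn.set_progress_handler(None, 0)


def guarded_query(conn, sql, params=(), max_steps=200_000):
    """Reject full-scan plans up front, then run the statement under a budget."""
    scans = full_scans(conn, sql, params)
    if scans:
        raise ValueError("rejected, full table scan(s): " + "; ".join(scans))
    return run_bounded(conn, sql, params, max_steps)


if __name__ == "__main__":
    db = make_db()
    print(len(guarded_query(db, "SELECT amount FROM orders WHERE customer = ?", (7,))))
    try:
        guarded_query(db, "SELECT count(*) FROM orders a, orders b WHERE a.amount < b.amount")
    except ValueError as err:
        print(err)
    try:
        run_bounded(db, "SELECT count(*) FROM orders a, orders b WHERE a.amount < b.amount")
    except QueryBudgetExceeded as err:
        print(err)
```

The plan check answers the "does it respect the index" question mechanically rather than by trusting the resolver author, and the step budget is the cheap substitute for a server-side statement timeout when the database does not offer one; a production service would log both rejections so that repeated expensive queries from one client show up in monitoring.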