Your Schema is Showing

Your Schema is Showing


Here’s a look at the results from our recent effort analyzing GraphQL API endpoints across the web, and the percentage of those endpoints that allowed an unauthenticated user to view the query & data schema. The intent of this article is to address the implications of allowing this schema to be retrieved, similar technologies that allow access to their schema, what can be done about it, and the trend of those who have prevented such a disclosure.

(more…)

© PEN Consultants, LLC 2013 -