[SECURITY] automatically created molecular-db actions can't be authenticated

Question

Haiz14 opened this issue 2 years ago · 3 comments

/**
* The "moleculer-db" mixin registers the following actions:
*  - list
*  - find
* - count
*  - create
*  - insert
*  - update
*  - remove
*/

These methods that molecular db registers automatically can't be authorised, and anyone can list all the data in the database.

Answer 1 · 2023-03-27T09:19:33.000Z

There should atleast be a config option to disable them.

Answer 2 · 2023-03-27T09:19:49.000Z

Answer 3 · 2023-03-27T09:22:01.000Z

Thanks a lot, i should learn how to search issues before posting them. Sorry then.