Security Implications with Public API Call #3
Replies: 1 comment 1 reply
-
Well, this project was made because I wanted to make a fully functional app in one file without any JS. I didn't really make it thinking it's going to go to production. But yes, that's true.
Some safeguards: the PocketBase maintainer is thinking of adding that feature by default to collections in PocketBase. Right now it's only on some special requests (these requests), so there will be no issue about them getting access to your DB. But for the other collections he recommends you deploy PocketBase behind a proxy with rate limiting, like nginx etc. I know some hosting services have network-level rate limiting. For example fly.io, where I have my PocketBase, has network-level rate limiting and captchas etc. Also they don't charge you for usage resulting from an attack, see here.
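The "PocketBase behind a proxy with rate limiting" setup the reply recommends, as an added example; this is not code from the discussion, the app, or the PocketBase project. It assumes PocketBase is listening on 127.0.0.1:8090 (its default), that the hostname and certificate paths are placeholders, and that the zone names, rates and burst sizes are illustrative starting points rather than tuned values. The file is meant to be dropped into nginx's `http {}` context (for example under `conf.d/`), because `limit_req_zone` is only valid there.

```nginx
# Added example, not from the original post or from PocketBase.
# nginx in front of PocketBase with per-client-IP request throttling.
# Assumed: PocketBase on 127.0.0.1:8090, hostname/cert paths are placeholders.

# One shared-memory counter per client IP for ordinary API traffic,
# and a much stricter one for password logins (brute-force target).
limit_req_zone $binary_remote_addr zone=pb_api:10m  rate=20r/s;
limit_req_zone $binary_remote_addr zone=pb_auth:10m rate=5r/m;
limit_req_status 429;            # throttled clients get 429, not nginx's default 503
limit_req_log_level warn;        # throttling shows up in error.log for later review

server {
    listen 443 ssl;
    server_name app.example.com;            # assumed hostname
    ssl_certificate     /etc/ssl/app.crt;   # assumed paths
    ssl_certificate_key /etc/ssl/app.key;

    # Headers inherited by every location below (none of them redefine proxy_set_header).
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # PocketBase's realtime endpoint is a long-lived SSE stream:
    # keep the connection open and do not buffer it.
    proxy_http_version 1.1;
    proxy_set_header Connection '';
    proxy_read_timeout 360s;
    proxy_buffering off;

    # Strict bucket for password authentication on any collection:
    # 5 requests/minute per IP, with a burst of 5 served immediately.
    location ~ ^/api/collections/[^/]+/auth-with-password$ {
        limit_req zone=pb_auth burst=5 nodelay;
        proxy_pass http://127.0.0.1:8090;
    }

    # Everything else under /api: 20 requests/second per IP, burst of 40.
    location /api/ {
        limit_req zone=pb_api burst=40 nodelay;
        proxy_pass http://127.0.0.1:8090;
    }

    # Static assets and the single-file HTML are cheap; leave them unthrottled.
    location / {
        proxy_pass http://127.0.0.1:8090;
    }
}
```

Without the `limit_req` lines a loop of `curl` requests against `/api/collections/<name>/records` is passed straight through to PocketBase at whatever rate the client can generate; with them, the first `burst` requests succeed and the rest return 429 until the bucket refills, so a single flooding client is cut off at the edge instead of consuming database time. The per-IP key is the usual choice, but it only throttles one address at a time; a distributed flood still needs the network-level limiting and captchas the reply mentions from the hosting provider.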
-
Context: I don't have much experience working with APIs at all.
Looking at your HTML file, you make a couple of calls to your PocketBase API. Is this good practice, or would you use some level of abstraction if you were to make this a production app?
I imagine some bored malicious person could just flood the API with tons of requests and cost you some money.