As of April 12th, you must go to Progress SupportLink to create new support cases or to access existing cases. Please, bookmark the SupportLink URL and use the new portal to contact the support team.
Prevent creation of new collections through POST requests
D
Davide Neri
started a topic
about 10 years ago
I realized that if I send a POST to a collection that doesn't exist on my database, the request creates the new collection with my data.
E.g.
POST https://baas.kinvey.com/appdata/kid_xxxxxxxxxxxx/custom/newRandomCollection
{ "random_string": "......" }
All I need is to be an user of the app and to find app key in the code or in communications, and I can create as many random collections I want, with how many documents inside of them I want...without being filtered by any business logic.
I was wandering, this might not be seriously harmful for the app, cause doesn't affect the collection that are really used by the app, but maybe not too secure either?
Is there a way to prevent this to happen? Some settings on my Kinvey account...?
Davide Neri
E.g.
POST https://baas.kinvey.com/appdata/kid_xxxxxxxxxxxx/custom/newRandomCollection
{ "random_string": "......" }
All I need is to be an user of the app and to find app key in the code or in communications, and I can create as many random collections I want, with how many documents inside of them I want...without being filtered by any business logic.
I was wandering, this might not be seriously harmful for the app, cause doesn't affect the collection that are really used by the app, but maybe not too secure either?
Is there a way to prevent this to happen? Some settings on my Kinvey account...?