Redirect Notice

As of April 12th, you must go to Progress SupportLink to create new support cases or to access existing cases. Please, bookmark the SupportLink URL and use the new portal to contact the support team.

You will be automatically redirected to SupportLink in 10 seconds.

How can we help you today?

Start a new topic
Discussions Kinvey Forums Feature Requests

Prevent creation of new collections through POST requests

I realized that if I send a POST to a collection that doesn't exist on my database, the request creates the new collection with my data.

E.g.

POST https://baas.kinvey.com/appdata/kid_xxxxxxxxxxxx/custom/newRandomCollection

{ "random_string": "......" }



All I need is to be an user of the app and to find app key in the code or in communications, and I can create as many random collections I want, with how many documents inside of them I want...without being filtered by any business logic.



I was wandering, this might not be seriously harmful for the app, cause doesn't affect the collection that are really used by the app, but maybe not too secure either?



Is there a way to prevent this to happen? Some settings on my Kinvey account...?
2 CommentsSorted by Oldest First
Currently there isn't. We'll plan it in the roadmap.
Cool, I like the fact that Kinvey is constantly evolving .

Looking forward to that ;)
Login or Signup to post a comment
More topics in Feature Requests
See all 56 topics