Start a new topic

Prevent creation of new collections through POST requests

I realized that if I send a POST to a collection that doesn't exist on my database, the request creates the new collection with my data.

E.g.

POST https://baas.kinvey.com/appdata/kid_xxxxxxxxxxxx/custom/newRandomCollection

{ "random_string": "......" }



All I need is to be an user of the app and to find app key in the code or in communications, and I can create as many random collections I want, with how many documents inside of them I want...without being filtered by any business logic.



I was wandering, this might not be seriously harmful for the app, cause doesn't affect the collection that are really used by the app, but maybe not too secure either?



Is there a way to prevent this to happen? Some settings on my Kinvey account...?

Currently there isn't. We'll plan it in the roadmap.
Cool, I like the fact that Kinvey is constantly evolving .

Looking forward to that ;)
Login or Signup to post a comment