Commit 04902ce

committed
joinLimits
1 parent f5a2a83 commit 04902ce

1 file changed

+12
-1
lines changed

README.md

Lines changed: 12 additions & 1 deletion
@@ -159,6 +159,7 @@ You can enable the following middleware using the "middlewares" config parameter
159159
- "sanitation": Apply input sanitation on create and update
160160
- "multiTenancy": Restricts tenants access in a multi-tenant scenario
161161
- "pageLimits": Restricts list operations to prevent database scraping
162+
- "joinLimits": Restricts join parameters to prevent database scraping
162163
- "customization": Provides handlers for request and response customization
163164

164165
The "middlewares" config parameter is a comma separated list of enabled middlewares.
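
Review bot: the new "joinLimits" bullet says it restricts "join parameters" without saying what is restricted, so at this point in the list a reader cannot tell how it differs from "pageLimits". Suggest naming what the configuration keys added later in this commit control: join path depth, number of joined tables and records per joined entity. Because this section describes middlewares as something you enable through the "middlewares" list, it would also help to state whether any join limit applies when "joinLimits" is not in that list.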
@@ -197,6 +198,9 @@ You can tune the middleware behavior using middleware specific configuration par
197198
- "multiTenancy.handler": Handler to implement simple multi-tenancy rules ("")
198199
- "pageLimits.pages": The maximum page number that a list operation allows ("100")
199200
- "pageLimits.records": The maximum number of records returned by a list operation ("1000")
201+
- "joinLimits.depth": The maximum depth (length) that is allowed in a join path ("3")
202+
- "joinLimits.tables": The maximum number of tables that you are allowed to join ("10")
203+
- "joinLimits.records": The maximum number of records returned for a joined entity ("1000")
200204
- "customization.beforeHandler": Handler to implement request customization ("")
201205
- "customization.afterHandler": Handler to implement response customization ("")
202206

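Review bot: the three added "joinLimits.*" entries state maximums but not what happens when a request exceeds one, that is, whether the join is truncated, ignored or the request is rejected. Please document that behavior next to the defaults. In "joinLimits.depth", "depth (length)" should also say what is counted (tables in the path or hops between them), and "joinLimits.tables" should say whether the base table is included in the 10.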
@@ -751,7 +755,14 @@ It also sets the column "customer_id" on "create" to "12" and removes the column
751755

752756
### Prevent database scraping
753757

754-
You may use the "pageLimits" middleware to limit the page number and the number records returned from a list operation.
758+
You may use the "joinLimits" and "pageLimits" middleware to prevent database scraping.
759+
The "joinLimits" middleware limits the table depth, number of tables and number of records returned in a join operation.
760+
761+
'joinLimits.depth' => 2,
762+
'joinLimits.tables' => 3,
763+
'joinLimits.records' => 25,
764+
765+
The "pageLimits" middleware limits the page number and the number records returned from a list operation.
755766
If you want to allow no more than 10 pages with a maximum of 25 records each, you can specify:
756767

757768
'pageLimits.pages' => 10,
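
Review bot: the added 'joinLimits.depth', 'joinLimits.tables' and 'joinLimits.records' example values (2, 3, 25) appear with no sentence saying what they allow, unlike the "pageLimits" example right below, which is introduced by "If you want to allow no more than 10 pages with a maximum of 25 records each, you can specify:". Suggest adding a matching lead-in for the join example. The rewritten "pageLimits" sentence also keeps the wording "the number records", which should read "the number of records".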
