Prisma 1 Forum

Closing Prisma Client to the Outside World | Handle Login attempts and Forgot Password

Hi there,

I’ve been building a platform for a while and now it is time to deploy. My Prisma Client is hosted on a EC2 and I’m using Cognito as the access control to my web and mobile apps. These are some of my concerns:

1 - I’ve started to create a permission layer with graphql-shield. But anyone that knows the server URL can see the “DOCS” and “SCHEMA” on the tabs at the right side, see image below. How do I close Prisma Client to the Outside World?
image

2 - Anyone that knows the server URL can try to login as many time as they like. How to limit the number of attempts?

3 - Once the user clicks on “Forgot Password”, Cognito handles the process to reset the password but how can I create a resolver to update the password on the database without exposing it to anyone?

Any help is appreciated.
Thanks

This topic was automatically closed 45 days after the last reply. New replies are no longer allowed.