No, there is none, because DQL has no exploit in the language. It has a structural syntax that prevents any attempt at unwanted patterns. It is impossible to run a statement from any input.
PS: Not all of the points below are Dgraph-related.
- Put your DB behind a firewall and other layers of common security.
- Always put middleware between your application and Dgraph. A simple HTTP API or even GraphQL is enough. (Use Dgraph's GraphQL.)
- Avoid sequential IDs or exposing UIDs to the end user. This applies to any DB out there.
- Use GraphQL vars and DQL vars all the time.
- Choose a good auth strategy.
- If you are going to use stateless auth, master it first. Stateless auth is dangerous. JWT is stateless, but if you follow it to the letter you will be fine.
- Avoid any query string in the URL. This isn't Dgraph-related, but I personally think it is a bad practice. There are only specific cases where I would use it.
See? Most of it is pure sysadmin work. If you have done your homework, your cluster is safe.
Cheers.
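The "use DQL vars all the time" advice above, as an added example that is not part of the original post or of Dgraph's own code: it builds the JSON body that Dgraph's HTTP `/query` endpoint accepts, with the DQL query text kept as a constant and every user-supplied value placed in the `variables` map under its `$`-prefixed name. For contrast it also shows the string-concatenation style the advice steers away from, where the same input becomes part of the query text instead of data. The query, predicate names (`name`, `email`) and the `personByName` query name are constructed for this example; passing variable values as strings in the JSON map is this example's assumption about Dgraph's variable encoding.

```python
import json

# Constructed DQL query for this example (not from the original post).
# Variables are declared with a type in the query header and referenced
# by their $-name inside the block; the text never changes per request.
QUERY_BY_NAME = """
query personByName($name: string, $first: int) {
  people(func: eq(name, $name), first: $first) {
    uid
    name
    email
  }
}
""".strip()

# Endpoint and header used when posting the body to Dgraph Alpha
# (values assumed for this example; adjust to your deployment).
DGRAPH_QUERY_URL = "http://localhost:8080/query"
DGRAPH_HEADERS = {"Content-Type": "application/json"}


def build_dql_request(name: str, first: int = 10) -> dict:
    """Return the JSON-serialisable body for /query with vars, not concatenation.

    Basic input checks happen here, in the middleware layer the post
    recommends, before anything reaches the database.
    """
    if not isinstance(name, str) or not name.strip():
        raise ValueError("name must be a non-empty string")
    if not 1 <= first <= 100:
        raise ValueError("first must be between 1 and 100")
    return {
        "query": QUERY_BY_NAME,
        # Assumption: Dgraph expects every variable value in this map as a
        # string, including ints, so `first` is converted here.
        "variables": {"$name": name, "$first": str(first)},
    }


def serialize_dql_request(name: str, first: int = 10) -> str:
    """The exact bytes that would be POSTed to DGRAPH_QUERY_URL."""
    return json.dumps(build_dql_request(name, first))


def build_concatenated_query(name: str) -> str:
    """The pattern the advice argues against: input spliced into query text.

    Shown only for contrast; whatever Dgraph does with such text, the
    request body now differs per input, which is what vars avoid.
    """
    return '{ people(func: eq(name, "%s")) { uid name } }' % name


def query_text_is_constant(*names: str) -> bool:
    """Check that, with vars, the query text is identical for every input."""
    texts = {build_dql_request(n)["query"] for n in names}
    return len(texts) == 1


if __name__ == "__main__":
    # A name containing a double quote: with vars it stays inside the
    # variables map; with concatenation it lands in the query text itself.
    tricky = 'O"Brien'
    print(serialize_dql_request(tricky, first=5))
    print(build_concatenated_query(tricky))
    print("query text constant:", query_text_is_constant("Alice", tricky))
```

To send the body for real, POST `serialize_dql_request(...)` to `DGRAPH_QUERY_URL` with `DGRAPH_HEADERS`; the point of the layout is that the only thing that varies between requests is the `variables` map, so the query the database parses is always the one you reviewed.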