Let’s say I have two canisters: service and database. The service canister exposes all the methods called by off-chain clients and runs with the logic I need. The database canister stores data and accepts calls only from the service canister, but since the inspect_message is not invoked for inter-canister calls, the caller’s principal check is done inside the method.
This means that every time anyone can send update calls to the database canister (which exposes only update methods since inter-canister query calls are not possible) and consume 560K cycles for each call (according to the Gas and cycles cost table).
Could the solution be to also implement the inspect_message on the database canister to filter out all principals except the service canister’s so that any off-chain request is discarded and cycles are not consumed?