Experience Report for Feature Request
The problem is that we go through all the effort to set up poor man’s auth and use GraphQL endpoints instead of the native Dgraph endpoints, but the native endpoints are still available and unprotected.
What you wanted to do
Easily Disable the DQL endpoints via flags such as:
--disable-dql-all --disable-dql-alter --disable-dql-mutate --disable-dql-query etc...
What you actually did
Why that wasn’t great, with examples
I think its clear and there are many posts and comments spread all over… in short, the endpoints should be shut down, not blocked by an external strategy.
Side note: Actually, I would much prefer that @auth directives would be respected by DQL, and that the core team revisits the ACL as enterprise only feature decision. But until then, those of us who choose self-hosted with poor man’s auth will be happy for an easy way to disable DQL and go for GQL only.