How are you securing and sanitizing your server?


(Fantastitech) #1

I’m curious what methods people are using to secure and sanitize their Dgraph servers that are hosting user-facing data. Especially when the same database hosts user auth data that has to be secure.


(Michel Conrado) #2

Generally, creating an API is enough to have total control of who accesses the Dgraph DB. Create an authentication model with JWT tokens or some other solution. Use Docker/k8s (they are secure by design) and a simple firewall. For me, this way is safe.

BTW, ACLs are coming.
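
An added example, not part of the thread and not Dgraph code: one way the API layer described in post #2 could verify a JWT and map each request to a fixed query, so clients never send query text to Dgraph. The secret, role names, operation names and predicates (`username`, `last_login`) are hypothetical, and the example goes beyond the post by also pinning which query variables each operation accepts.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key; load from a secret store in practice

# Hypothetical operations: name -> (required role, fixed query, allowed variables).
# User input travels only as query variables, never spliced into the query text.
OPERATIONS = {
    "find_user": ("user", "query q($name: string) { u(func: eq(username, $name)) { uid username } }", {"$name"}),
    "last_login": ("admin", "query q($name: string) { u(func: eq(username, $name)) { last_login } }", {"$name"}),
}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict) -> str:
    """Issue an HS256 JWT (used here to build constructed sample tokens)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify_token(token: str) -> dict:
    """Return the claims, or raise PermissionError if the token is not acceptable."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Pin the algorithm so a token declaring "none" or another alg is refused.
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, b64d(sig)):
            raise PermissionError("bad algorithm or signature")
        claims = json.loads(b64d(body))
    except (ValueError, AttributeError) as exc:  # wrong part count, bad base64 or JSON
        raise PermissionError("malformed token") from exc
    if claims.get("exp", 0) <= time.time():
        raise PermissionError("expired")
    return claims

def authorize(token: str, op: str, variables: dict):
    """Map an authenticated request to the (query, vars) pair the API would send to Dgraph."""
    claims = verify_token(token)
    role, query, allowed = OPERATIONS.get(op, (None, None, None))
    if role is None or role not in claims.get("roles", []):
        raise PermissionError("operation not permitted")
    if set(variables) != allowed or not all(isinstance(v, str) for v in variables.values()):
        raise ValueError("unexpected variables")
    return query, variables
```
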


(Fantastitech) #3

Is there a target version for ACLs? I see a few old discussions about it, and there seems to be code for ACLs in the master branch on GitHub, but I don’t see any recent mention of it.


(Michel Conrado) #4

It’ll probably be released in v1.1.