Hello, I am having a hard time understanding the authentication mechanism for dgraph.
I have made some observations so far:
When connecting from localhost, no password or anything is asked. Anyone can connect and do read write operations. That’s not good in my opinion.
When connecting over the public IP, at least ratel doesn’t want to connect to dgraph without a password, it seems. Maybe that is just my iptables configuration though. I don’t feel comfortable with this at all.
Now I read that ACLs are not in the free version. I am getting confused about what’s going on here. How am I supposed to protect the database and how do I set up a password?
I read that it’s using JWT rather than a password somewhere. In a different place it’s talking about TLS certificates. I get that the traffic should be encrypted but it’s not helping me to authenticate an application or user. Or maybe an application if I let dgraph verify the client cert.
All in all it is confusing and seems a bit convoluted. Why isn’t there just a user list and password challenge like on any other database?
What mechanism protects dgraph from any client connecting via gRPC or HTTP?
I just managed to connect over the public web without any password. This is super sketchy TBH. No warning in the docs or anything.