Moved from GitHub dgraph/5363
Posted by darkn3rd:
The documentation under Using Curl with Client authentication instructs users to use the
REQUIREANDVERIFY. This has two problems:
- violates security as what should be a private key is not distributed and shared. This should never be demonstrated or recommended.
- doesn’t show how to support to use client key to authenticate client.
The purpose of using
REQUIREANDVERIFY is to make sure the client is authenticated to interact with Dgraph, as opposed to any client using https with dgraph service.