TLS doc instructions with curl circumvent security by distributing private key

diggy · May 4, 2020, 3:49pm

Moved from GitHub dgraph/5363

Posted by darkn3rd:

Documentation

The documentation under Using Curl with Client authentication instructs users to use the node.key for REQUIREANY or REQUIREANDVERIFY. This has two problems:

violates security as what should be a private key is not distributed and shared. This should never be demonstrated or recommended.
doesn’t show how to support to use client key to authenticate client.

The purpose of using REQUIREANDVERIFY is to make sure the client is authenticated to interact with Dgraph, as opposed to any client using https with dgraph service.

Topic		Replies	Views
Authentication - Slash graphql Documentation	12	1810	March 10, 2021
Python Client: How to use pydgraph w/ certs for public trusted CA Dgraph	1	320	July 3, 2021
TLS client Authentication? Dgraph Clients untagged , dgraph-js	6	390	July 11, 2020
Connecting to Slash GraphQL using Dgraph4j Dgraph Clients dgraph4j , kind:feature	4	806	October 7, 2020
How do i connect to dgraph using the nodejs client via ssl? Dgraph Cloud kind:question	17	1267	October 5, 2020

TLS doc instructions with curl circumvent security by distributing private key

Documentation

Related Topics