Moved from GitHub dgraph/5363
Posted by darkn3rd:
Documentation
The documentation under Using Curl with Client authentication instructs users to use the node.key for REQUIREANY or REQUIREANDVERIFY. This has two problems:
- violates security as what should be a private key is not distributed and shared. This should never be demonstrated or recommended.
- doesn’t show how to support to use client key to authenticate client.
The purpose of using REQUIREANDVERIFY is to make sure the client is authenticated to interact with Dgraph, as opposed to any client using https with dgraph service.