Description
On a page about creating Embedded Charts: (https://docs.mongodb.com/charts/onprem/data-sources/#enable-or-disable-embedding)
Verified Signature only. This option requires embedded charts to include a secret embedding key with each request sent to the data source.
I found this confusing, because if the client (the web browser) were sending the key, then the user would also be able to see the key, so it wouldn't be a secret.
The linked page cleared it up for me: (https://docs.mongodb.com/charts/onprem/embedding-charts/#embedding-charts)
The verified signature creates a payload by generating a HMAC from your embedding key, a timestamp, and identifying data from your chart.
This makes more sense to me: the key stays secret, and stays on the server. Because only the server knows the key, nobody else can create a signature.
So on that first page, I think "secret embedding key" should say "signature".
Scope of changes
Impact to Other Docs
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.)
|