Articles tagged as security
A lightweight approach to testing the Neo4j REST API with Authentication
This article will show examples of how to test the Neo4j REST API for authentication via: Google Chrome Advanced REST Client Linux curl command The Neo4j REST API describes each…
Creating and configuring database-local roles
Neo4j 4.0 introduced advanced security features in the form of role-based access controls, much needed, especially with the introduction of multiple database functionality. These controls can be accessed by administrators…
Neo4j Docker image cannot run on kubernetes as non root user
In Kubernetes (K8S) various levels of security can be set which apply cluster-wide to Pods running containers. One of which is a policy which prevents containers within a Pod to…
Enabling TLSv1.2 with IBM JDK9
Neo4j 3.4.0 only supports TLSv1.2 by default. IBM JDK9 uses the TLSv1 protocol by default. When attempting to run cypher-shell, users will be unable to connect to Neo4j. To enable…
Explanation of data/log/console.log error of 'TLS certificate error occurred, unable to start server: Neither RSA, DSA nor EC worked…'
On bin/neo4j start the data/log/console.log may log an error similar to Neo4j allows for the configuration of HTTPS certificates via the parameters in conf/neo4j-server.properties. The following are the default values:…
Explanation of error on session connection using uniform drivers
As described by http://neo4j.com/docs/developer-manual/current/drivers/#_trust, when establishing an encrypted connection, it needs to be verified that the remote peer is who we expected to connect to. The default connection is to…
Explanation of error: procedure is not available due to having restricted access rights, check configuration
Commencing with Neo4j 3.2, running a stored procedure, for example, may error with The cause of this error is not having configured the security extensions.…
How to configure mixed-mode security (native and LDAP) in Neo4j
For environments where you need both LDAP authentication as well as some native user accounts, there is a way to allow this in Neo4j 3.1 and newer. Use the configuration…
LDAP Error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
When configuring LDAP with certificates you may encounter the following issue: The problem appears when your server uses a self-signed certificate. To workaround it, you can add this certificate to…
Protecting against Cypher Injection
What is Cypher Injection? Cypher Injection is a way for maliciously formatted input to jump out of its context, and by altering the query itself, hijack the query and perform…
Protecting against Server Side Request Forgery (SSRF)
What is SSRF? Server-side request forgery (SSRF) vulnerabilities let an attacker send crafted requests from the back-end server of a vulnerable web application. Criminals usually use SSRF attacks to target…
How to set up SSL communication when running Neo4j within a Docker Container
Neo4j 3.2 added a Unified SSL Framework to setup secure connections for Bolt, HTTPS and Intra-Cluster Encryption. Details on this framework can be found at: https://neo4j.com/docs/operations-manual/current/security/ssl-framework/ Setting up secure Bolt…
TLS/SSL Configuration for Specific Ciphers
Per documentation: dbms.ssl.policy.<policyname>.ciphers is by default set to the Java platform default allowed cipher suites, which can also be explicitly set to any specific ciphers (separated by ",") to further…
Useful Cypher statements for suspending and reactivating users
Commencing with Neo4j 3.1 and the implementation of native database users, it is possible to suspend a user, thus preventing the user from authenticating further. To view all suspended users…