Knowledge Base

Articles tagged as security

A lightweight approach to testing the Neo4j REST API with Authentication

This article will show examples of how to test the Neo4j REST API for authentication via: Google Chrome Advanced REST Client Linux curl command The Neo4j REST API describes each…

Read more

Creating and configuring database-local roles

Neo4j 4.0 introduced advanced security features in the form of role-based access controls, much needed, especially with the introduction of multiple database functionality. These controls can be accessed by administrators…

Read more

Neo4j Docker image cannot run on kubernetes as non root user

In Kubernetes (K8S) various levels of security can be set which apply cluster-wide to Pods running containers. One of which is a policy which prevents containers within a Pod to…

Read more

Enabling TLSv1.2 with IBM JDK9

Neo4j 3.4.0 only supports TLSv1.2 by default. IBM JDK9 uses the TLSv1 protocol by default. When attempting to run cypher-shell, users will be unable to connect to Neo4j. To enable…

Read more

Explanation of data/log/console.log error of 'TLS certificate error occurred, unable to start server: Neither RSA, DSA nor EC worked…'

On bin/neo4j start the data/log/console.log may log an error similar to Neo4j allows for the configuration of HTTPS certificates via the parameters in conf/neo4j-server.properties. The following are the default values:…

Read more

Explanation of error on session connection using uniform drivers

As described by http://neo4j.com/docs/developer-manual/current/drivers/#_trust, when establishing an encrypted connection, it needs to be verified that the remote peer is who we expected to connect to. The default connection is to…

Read more

Explanation of error: procedure is not available due to having restricted access rights, check configuration

Commencing with Neo4j 3.2 when running a stored procedure, for example this may error with The cause of this error is as a result of not configuring the security extensions.…

Read more

How to configure mixed-mode security (native and LDAP) in Neo4j

For environments where you need both LDAP authentication as well as some native user accounts, there is a way to allow this in Neo4j 3.1 and newer. Use the configuration…

Read more

LDAP Error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

When configuring LDAP with certificates you may encounter the following issue: The problem appears when your server uses a self-signed certificate. To workaround it, you can add this certificate to…

Read more

Neo4j Security Benchmark

Read more

Protecting against Cypher Injection

What is Cypher Injection? Cypher Injection is a way for maliciously formatted input to jump out of its context, and by altering the query itself, hijack the query and perform…

Read more

Protecting against Server Side Request Forgery (SSRF)

What is SSRF? Server-side request forgery (SSRF) vulnerabilities let an attacker send crafted requests from the back-end server of a vulnerable web application. Criminals usually use SSRF attacks to target…

Read more

How to set up SSL communication when running Neo4j within a Docker Container

Neo4j 3.2 added a Unified SSL Framework to setup secure connections for Bolt, HTTPS and Intra-Cluster Encryption. Details on this framework can be found at: https://neo4j.com/docs/operations-manual/current/security/ssl-framework/ Setting up secure Bolt…

Read more

TLS/SSL Configuration for Specific Ciphers

Per documentation: dbms.ssl.policy.<policyname>.ciphers is by default set to the Java platform default allowed cipher suites, which can also be explicitly set to any specific ciphers (separated by ",") to further…

Read more

Useful Cypher statements for suspending and reactivating users

Commencing with Neo4j 3.1 and the implementation of native database users, it is possible to suspend a user, thus preventing the user from authenticating further. To view all suspended users…

Read more