This section provides a summary of recommendations regarding security in Neo4j.
Below is a simple checklist highlighting the specific areas within Neo4j that may need some extra attention in order to ensure the appropriate level of security for your application.
Deploy Neo4j on safe servers in safe networks:
Open only the necessary ports. For a list of relevant ports, see Section 3.2, “Ports”.
In particular, ensure that there is no external access to the port specified by the setting
Failing to protect this port may leave a security hole open by which an unauthorized user can make a copy of the database onto a different machine.
Use SSL certificates issued from a trusted Certificate Authority.
Be on top of the security for custom extensions:
dbms.security.procedures.whitelist to ensure that they exclusively contain intentionally exposed extensions.
If LOAD CSV is enabled, ensure that it does not allow unauthorized users to import data. How to configure
LOAD CSV is described in Developer Manual →
neo4j-shell, controlled by the parameter
dbms.shell.port) and remote JMX (controlled by the parameter setting
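
The custom-extension items above can be checked mechanically against a neo4j.conf file. The script below is an added example, not part of the Neo4j documentation: the sample configuration and the approved list are constructed, and the setting dbms.security.allow_csv_import_from_file_urls is a Neo4j 3.x setting that this page does not name.

```python
import fnmatch

# Constructed sample neo4j.conf content (not from a real deployment).
SAMPLE_CONF = """\
# custom extensions
dbms.security.procedures.whitelist=apoc.coll.*, apoc.load.*,example.audit.report
dbms.security.allow_csv_import_from_file_urls=true
"""

# Hypothetical list of procedures the team has deliberately decided to expose.
APPROVED = {"apoc.coll.*", "example.audit.report"}


def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit(settings, approved):
    """Return findings for the whitelist and LOAD CSV checklist items."""
    findings = []
    whitelist = settings.get("dbms.security.procedures.whitelist")
    if whitelist is None:
        findings.append("whitelist not set: review what the default exposes")
    else:
        for entry in (e.strip() for e in whitelist.split(",")):
            if not entry:
                continue
            # Intentional only if an approved pattern covers the whole entry;
            # a broader wildcard than anything approved is reported.
            if not any(fnmatch.fnmatchcase(entry, pat) for pat in approved):
                findings.append(f"whitelist entry not approved: {entry}")
    csv = settings.get("dbms.security.allow_csv_import_from_file_urls", "unset")
    if csv.lower() != "false":
        findings.append(
            f"LOAD CSV file URL import enabled (value: {csv}): confirm who can import")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF), APPROVED):
        print(finding)
```
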