Securing access to Neo4j deployment
The first step in enterprise security is to restrict direct access to the production servers
and allow only secure communication.
Neo4j is bundled with a web server that provides access to the Neo4j browser. We can
modify the web server parameters to control access to the Neo4j browser.
Let's discuss the web server settings defined in
<$NEO4J_HOME>/conf/neo4j-server.properties and their role in securing access to the
Neo4j browser:

org.neo4j.server.webserver.address=0.0.0.0: This property defines the IP address on
which the web server will accept incoming connections. The default value is 0.0.0.0,
which means it will accept connections only from the local box hosting the Neo4j server.

org.neo4j.server.webserver.https.enabled=true: This is a Boolean parameter used to
enable or disable support for HTTPS. We should set it to true to enable and accept
HTTPS connections.

org.neo4j.server.webserver.https.port=7473: This parameter defines the port for
accepting HTTPS requests. The default value is 7473.

org.neo4j.server.webserver.port=7474: This is the default HTTP port for unsecured
communication with the web server or the Neo4j browser. We should disable this property
by commenting the line out with # to stop all unsecured communication.

org.neo4j.server.webserver.https.cert.location=conf/ssl/snakeoil.cert,
org.neo4j.server.webserver.https.key.location=conf/ssl/snakeoil.key, and
org.neo4j.server.webserver.https.keystore.location=data/keystore: These properties
define the location of the certificate, key, and Keystore used for secured communication
over HTTPS. We should change the default values and define our own certificate, key, and
Keystore. Refer to https://docs.oracle.com/cd/E19798-01/821-1751/ghlgv/index.html to
generate the certificate, key, and Keystore.
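
The settings above can be checked mechanically before a server goes live. The following is an added example, not code from the book or from Neo4j: a small audit of neo4j-server.properties text against the advice in this section. The sample file contents and certificate file names are constructed, and the treatment of a missing property as "still the default" is an assumption.

```python
PREFIX = "org.neo4j.server.webserver."
DEFAULTS = {  # bundled default locations named on the page; each should be replaced
    "https.cert.location": "conf/ssl/snakeoil.cert",
    "https.key.location": "conf/ssl/snakeoil.key",
    "https.keystore.location": "data/keystore",
}

def active_properties(text):
    """Return uncommented key=value pairs ('#' or '!' starts a comment line)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings; an empty list means the file follows the page's advice."""
    props = active_properties(text)
    findings = []
    if props.get(PREFIX + "https.enabled", "").lower() != "true":
        findings.append("https.enabled is not true")
    if PREFIX + "port" in props:
        findings.append("HTTP port line is active; the page advises commenting it out")
    for name, default in DEFAULTS.items():
        # Assumption: a missing property falls back to the bundled default.
        if props.get(PREFIX + name, default) == default:
            findings.append(name + " still points at the bundled default")
    return findings

# Constructed sample files (hypothetical file names), not from a real deployment.
WEAK = """\
org.neo4j.server.webserver.port=7474
org.neo4j.server.webserver.https.enabled=true
org.neo4j.server.webserver.https.cert.location=conf/ssl/snakeoil.cert
org.neo4j.server.webserver.https.key.location=conf/ssl/snakeoil.key
org.neo4j.server.webserver.https.keystore.location=data/keystore
"""
HARDENED = """\
#org.neo4j.server.webserver.port=7474
org.neo4j.server.webserver.https.enabled=true
org.neo4j.server.webserver.https.cert.location=conf/ssl/graph.example.cert
org.neo4j.server.webserver.https.key.location=conf/ssl/graph.example.key
org.neo4j.server.webserver.https.keystore.location=data/graph.example.keystore
"""
if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text) or "OK")
```

The bind address is left out of the audit on purpose; it only checks the HTTPS, HTTP port, and certificate settings.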