I was wondering how data from your graph database is being protected. As I understand most of the visualisation are happening client side. So how is the result of a query parsed. Are these just json objects that have similar structure as in your database?
Is there some middleware that can obfuscate such data before it is send to the client?
You have full control of what is returned to your client for visualization if you are using a driver within a back end service. If you are using the javascript driver directly in the front-end, then need to implement logic to only visualize what is allowed.
There is also role-based access permissions in the enterprise addition that can be used to set limits on the type of data a user can access based on their role. This would allow you to implement some restrictions at the database layer, so they can be enforced regardless of the access pattern.
I am not using anything yet. Just checking feasibility.
driver within a back end service.
I should add a driver to a neo4j container? I have the impression I mostly read about client side drivers. How should this driver know what I want to share and not? And how should it be able to do this, if there are no privileges in neo4j?
You maybe have a link to that? :)
There is also role-based access permissions in the enterprise addition that can be used to set limits on the type of data a user can access based on their role.
Hmm, I am indeed using currently multiple user privileges in postgres and mariadb. Bad news about these privileges tbh.
You do not add a driver to a neo4j container. Neo4j is hosted as a service, which provides access either via HTTP or a driver. You would use a driver in your application to communicate to the Neo4j to submit queries.
A back-end service is an application that you build that your users call (other systems, front-end apps, Mobil apps, etc). It contains your business logic and it interacts with your neo4j database. This application would have an appropriate driver needed to interact with neo4j. There are many frameworks that make developing a back end service easier. Two in mind are Java/springboot and node.js
Neo4j community has access privileges too. Enterprises just had a deeper and richer set of access capabilities.
Currently I have a test with this setup. One html file that includes to cdn javascripts and some local javascript code.
Looks like this one local file has access to everything (authenticating with neo4j user)
+--------+ +---------+
| neo4j | | |
| + d3 |<---------------->| Neo4j |
| js | | |
| | |container|
+--------+ +---------+
local remote
I think you are proposing such setup. So what should I put at '?'
+--------+ +---------+ +---------+
| neo4j | | | | |
| + d3 |<------->| ? |<------>| Neo4j |
| js | | | | |
| | | | |container|
+--------+ +---------+ +---------+
local remote remote
Just to be clear this Neo4j CE has only one user account that has full access to everything?
Is it even allowed to use Neo4J CE in the EU, is this type of limitation not below GDPR standards?
I am not proposing any specific architecture. The best solution depends on your needs and constraints.
You are correct about what I was discussing. It is referred to as a three-tiered architecture, where you have a front-end handling the presentation layer, a back-end system handling the business logic, and a database handing the data layer.
There are benefits to this architecture. It provides a clear demarkation of responsibilities and it allows your backend to support many types of clients, i.e. UI, mobile, other systems. The backend can also be an orchestration layer, as it may need to interact with other systems to support its user's requests. For instance, a user makes are request that needs to get data via an API, process that data, persist it to your neo4j db, and then return a response to the user. Your front-end application will get very complicated if you try to implement all this logic in the front-end. Also, it is only available to the UI users. What if you need to support other clients too?
There are options on how to implement the backend-end. The technology to pick depends on your team's capabilities. I use springboot because I know java. Nest.js looks like a very nice framework if you want to use Node.js.
It is referred to as a three-tiered architecture, where you have a front-end handling the presentation layer, a back-end system handling the business logic, and a database handing the data layer.
I am used to not having public connections to mariadb and postgres. But with all these neo4j demos/example I only see direct connections to these ports (7474, 7687)[1]
Yesterday I checked a bit this php-client and checking if d3.js is doing something with php. But my whole idea about using a graph database was to have something quickly up and running with available tools.
So currently my evaluation of Neo4j for small amount of nodes project:
I don't really get any more why I should use Neo4j. :)
[1]
I am getting a bit of topic here, not really sure how far your knowledge goes.
There are options on how to implement the backend-end. The technology to pick depends on your team's capabilities. I use springboot because I know java. Nest.js looks like a very nice framework if you want to use Node.js.
Top 10 Microservices Frameworks [2024 Updated] - GeeksforGeeks
The most interesting part about the client server communication is this bidirectional communication over something like websockets (bolt?). But afaik are scripting languages like python, php, javascript bad at handling large amounts of sockets efficiently because of technical issues (parallelization issues?). I know eg that php has this ratched library, but I am not sure if I want this kind of load on the webserver.
Could I conclude that your suggestion could be something like having some java middleware that handles all these websockets for clients to the server? Could you make such micro service?
Hi @glilienfield Gary,
I would be interested in paying for your services to create some websocket middleware based on java springboot. I am still a bit investigating my options. This graph db stuff has really trigger my interest, I am even thinking a bit about going a step further and having some document storage linked to nodes.
However after reading a bit about these websockets, this seems to be mandatory for producing a nice solution.
any thoughts of using SSL certs and thus connecting with https:// vs http:// and a bolt connection with neo4j+s:// or has this been explored and not a possibility?
Yes I would do that in production. We already have a self signed ca and add this to the root ca trust in containers. I don't really get why neo4j even has a separate option for self signed. ;)
Problem is that with this community edition version you have to allow clients full access through this one user. Even with read only access I am not so pleased. Also my lack of knowledge of neo4j and cypher hinders me in finding a solution. For now I am even still investigating how to structure and enter data. :)
This is one reason that people move on from Community edition - RBAC...