Generally, don't store the credentials.
Browser local-storage is reasonably sandboxed, but of course a person can look through that using dev tools.
On the nodejs side credentials management would be the same as you'd do for any language. If stored to disk, make sure file permissions are limited.
Thanks, that's what I was thinking. Unless I've missed something (I only speed read it) you would need to pass database login credentials when calling a database select, update etc. Would that not mean that you HAVE to store the credentials client side? I'm sure I've missed something.
Only when you create the driver. And you could use a user login form for that. Like in Neo4j Browser
Usually, you'd use the JS driver on the backend in a node.js server though.
Oh, OK. So this is more for back end node.js stuff than as a practical solution for calling a Neo4j database from a web browser session (unless the database credentials are specifically entered via a form as you say). Really great project, thank you guys very much for all your hard work :)
See more info on custom auth plugins here: