Stored cross-site scripting

I am using the Neo4J database for my platform.

I performed security testing and the results are below:

  • Stored Cross-Site Scripting (XSS)

How should I prevent it, or does Neo4J handle it?

@asif.sharif

Are there any more details?

  • Neo4j version?
  • did the security testing provide any indication as to where this was found? i.e. Browser, Desktop, APOC, ???

I think it would be a mistake to handle this at the database level, as similar attacks like reflected XSS, which does not get stored in the database, could still get through.

XSS is best handled by sanitizing user input (before it gets to the database) and also properly handling or encoding dynamic output.

Once you have logic in place to sanitize any input before it gets saved to the database, then you could use that similar logic to craft queries to check for such payloads existing in your database already, and flag them or clean them from there.

For databases, query language injection is the bigger concern...in our case, cypher injection, and we have an article about that:
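The two controls the reply above describes (encode dynamic output so stored text cannot run as HTML, and keep user text out of the Cypher query string so it cannot become Cypher injection), as an added example that is not part of the thread and not Neo4j's own code. It assumes a Node.js application in front of Neo4j with hypothetical `Post` and `Comment` nodes; the query strings are only built here, not executed, so the file runs offline.

```javascript
// Added example (not from the thread). Assumes a Node/JS web app in front of
// Neo4j with hypothetical Post and Comment nodes.

// Encode a string for safe insertion into HTML text content.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// UNSAFE: user text is concatenated into Cypher, so a quote in the text
// changes the query itself (cypher injection). Shown for contrast only.
function buildCommentQueryUnsafe(postId, text) {
  return `MATCH (p:Post {id: '${postId}'}) ` +
         `CREATE (p)-[:HAS]->(:Comment {text: '${text}'})`;
}

// Safe: the query shape is fixed and the values travel as driver parameters.
// The returned object is what you would pass to session.run(cypher, params).
function buildCommentQuery(postId, text) {
  return {
    cypher: 'MATCH (p:Post {id: $postId}) ' +
            'CREATE (p)-[:HAS]->(:Comment {text: $text})',
    params: { postId, text },
  };
}

// Hunting payloads that already reached the database: a parameterised Cypher
// query (Java regex syntax) that lists comments whose text looks like markup.
// The pattern is a constructed heuristic; tune it for your own data.
const FIND_SUSPICIOUS_COMMENTS =
  'MATCH (c:Comment) WHERE c.text =~ $pattern RETURN c.text AS text';
const SUSPICIOUS_PATTERN = '(?is).*(<\\s*script|javascript:|on\\w+\\s*=).*';

// The same heuristic applied locally, e.g. to triage rows from the query above.
function looksLikeMarkup(text) {
  return /<\s*script|javascript:|on\w+\s*=/i.test(String(text));
}

// Render a stored comment: encoding happens at output time, so even a payload
// that slipped past input sanitisation renders as inert text.
function renderComment(text) {
  return `<li class="comment">${escapeHtml(text)}</li>`;
}

// Stand-alone demonstration (constructed sample values).
const sample = '<script>alert(1)</script>';
console.log(renderComment(sample));
console.log(buildCommentQuery('post-1', "it's fine"));
console.log('unsafe:', buildCommentQueryUnsafe('post-1', "it's fine"));
console.log('flagged:', looksLikeMarkup(sample), looksLikeMarkup('hello'));
```

Input sanitisation before the write is still worthwhile (and the `FIND_SUSPICIOUS_COMMENTS` query is how you would sweep for rows written before that check existed), but the output encoding in `renderComment` is the control that also covers reflected XSS, which never touches the database.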