With the inclusion of java stored procedures in Neo4j 3.x, one can run Cypher to connect to a RDBMS using JDBC.
To do so one needs to download and install https://github.com/neo4j-contrib/neo4j-apoc-procedures.
After installation of the Neo4j APOC kit, download the respective RDBMS JDBC driver .jar and install into $NEO4J_HOME\plugins.
The respective JDBC driver can be obtained from the RDBMS vendor. For example:
|Vendor | Download location | JDBC jar file
|MySQL | https://dev.mysql.com/downloads/connector/j/ | mysql-connector-java-5.1.34.jar
|Postgres | https://jdbc.postgresql.org/ | postgresql-9.4.1209.jar
|Oracle | http://www.oracle.com/technetwork/database/features/jdbc/ | ojdbc7.jar
After installing APOC and copying the RDBMS vendor .jar to $NEO4J_HOME\plugins, restart Neo4j.
The apoc.load.jdbc stored procedure is used to connect over JDBC and takes 2 arguments,namely:
SQL statement or table
The 'connection string' is vendor specific and as such one should consult the RDBMS vendor for syntax.
The 'SQL statement or table name' could be for example 'select * from movies' or simply 'movies'.
Usage of a single table name would result in 'select * from
When hiding the connection string in the neo4.conf, does this provide enough security to ensure passwords aren't accessible? I checked running an active query and found that it doesn't expose the string. However, I got a Neo.ClientError.Procedure.ProcedureCallFailed error for one of my tests and the message for it did list the connection string exposing the details of the string.
Are there any other protections that can be done to ensure that string doens't get exposed?