Showing results for 
Search instead for 
Did you mean: 

neo4j browser websocket security concerns



We installed a test neo4j server on our server (remote, not local) and when I use internet browser to play with the neo4j database, I inspected the http network connection from browser debug, and fount out a websocket is used to connect to the neo4j database server directly, could this design has potential security risk? Even though the login credentials are not transmitted during the websocket connection, but still, traditional n-tier web/database design usually has a loosely coupled design with a business logic layer in between the frontend and backend DB. We are trying to understand the reasons of using websocket in neo4j browser using websocket, what's the benefits of using the full duplex websocket to connect to the neo4j db from user's browser directly, as the user's browser doesn't have to listen to the event from backend neo4j db.
Thanks a lot,