Thanks for the info, Sumit. No problem. On Thursday, May 7, 2015 at 2:10:49 PM UTC-4, Sumit Gupta wrote: > > Hi Rick, > > I just checked the code of Neo4j-2.2.0-M03 and Neo4j-2.2.0 but it seems > like there have been considerable change in the security implementation. > > M03 exposes REST API for getting the token back but that API has been > removed in 2.2.0 and also complete security implementation has been changed. > > In short 2.2.0 and above does not have token based security. It uses the > java.security.MessageDigest (SHA-256) digester for authentication. > > Thanks, > Sumit > > On Thursday, 7 May 2015 20:15:35 UTC+5:30, cui r wrote: >> >> Hi Sumit, >> >> Could you please explain how to get the token back? From the document you >> referred earlier, I don't see how to get the token for subsequent calls. >> >> Thanks, >> Rick >> >> On Wednesday, May 6, 2015 at 8:22:23 PM UTC-4, Sumit Gupta wrote: >>> >>> Yes Token based security is still there in Neo4j. >>> >>> Thanks, >>> Sumit >>> >>> On Thursday, 7 May 2015 00:11:07 UTC+5:30, cui r wrote: >>>> >>>> Thanks for the info, Sumit. Just want to check whether the token based >>>> implementation is still there or not. >>>> >>>> In our case, we have to have security check in place due to company >>>> policy. I disabled Neo4j security and implement a LDAP based security >>>> check. But LDAP check is expensive in the high throughput scenario, so I >>>> add a cache there to serve as the session. >>>> >>>> Thanks, >>>> Rick >>>> >>>> >>>> On Tuesday, May 5, 2015 at 9:24:48 PM UTC-4, Sumit Gupta wrote: >>>>> >>>>> hi, >>>>> >>>>> This link will help you understanding security in Neo4j - >>>>> http://neo4j.com/docs/stable/rest-api-security.html#rest-api-authenticate-to-access-the-server >>>>> >>>>> I remember in M03 (Milestone release) it was different implementation >>>>> but in final release candidate (RC01) it was like >>>>> "base64(username:password)". >>>>> >>>>> For high throughput my suggestion would be to disable the security >>>>> (set dbms.security.auth_enabled=false) in neo4j-server.properties and >>>>> implement security framework at the application level which is hitting >>>>> the >>>>> Neo4j server. >>>>> >>>>> Thanks, >>>>> Sumit >>>>> >>>>> On Tuesday, 5 May 2015 20:56:02 UTC+5:30, cui r wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> Some time ago, when I look at the Neo4j document for security, I >>>>>> vaguely remember that the security is token based. But now I couldn't >>>>>> find >>>>>> any reference to tokens. Is there any change to the security >>>>>> implementation? >>>>>> >>>>>> What's the recommended way for authentication in a high throughput >>>>>> scenario? >>>>>> >>>>>> Thanks. >>>>>> Rick >>>>>> >>>>>
-- You received this message because you are subscribed to the Google Groups "Neo4j" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
