Hi Rick, I just checked the code of Neo4j-2.2.0-M03 and Neo4j-2.2.0 but it seems like there have been considerable change in the security implementation.
M03 exposes REST API for getting the token back but that API has been removed in 2.2.0 and also complete security implementation has been changed. In short 2.2.0 and above does not have token based security. It uses the java.security.MessageDigest (SHA-256) digester for authentication. Thanks, Sumit On Thursday, 7 May 2015 20:15:35 UTC+5:30, cui r wrote: > > Hi Sumit, > > Could you please explain how to get the token back? From the document you > referred earlier, I don't see how to get the token for subsequent calls. > > Thanks, > Rick > > On Wednesday, May 6, 2015 at 8:22:23 PM UTC-4, Sumit Gupta wrote: >> >> Yes Token based security is still there in Neo4j. >> >> Thanks, >> Sumit >> >> On Thursday, 7 May 2015 00:11:07 UTC+5:30, cui r wrote: >>> >>> Thanks for the info, Sumit. Just want to check whether the token based >>> implementation is still there or not. >>> >>> In our case, we have to have security check in place due to company >>> policy. I disabled Neo4j security and implement a LDAP based security >>> check. But LDAP check is expensive in the high throughput scenario, so I >>> add a cache there to serve as the session. >>> >>> Thanks, >>> Rick >>> >>> >>> On Tuesday, May 5, 2015 at 9:24:48 PM UTC-4, Sumit Gupta wrote: >>>> >>>> hi, >>>> >>>> This link will help you understanding security in Neo4j - >>>> http://neo4j.com/docs/stable/rest-api-security.html#rest-api-authenticate-to-access-the-server >>>> >>>> I remember in M03 (Milestone release) it was different implementation >>>> but in final release candidate (RC01) it was like >>>> "base64(username:password)". >>>> >>>> For high throughput my suggestion would be to disable the security (set >>>> dbms.security.auth_enabled=false) in neo4j-server.properties and implement >>>> security framework at the application level which is hitting the Neo4j >>>> server. >>>> >>>> Thanks, >>>> Sumit >>>> >>>> On Tuesday, 5 May 2015 20:56:02 UTC+5:30, cui r wrote: >>>>> >>>>> Hi, >>>>> >>>>> Some time ago, when I look at the Neo4j document for security, I >>>>> vaguely remember that the security is token based. But now I couldn't >>>>> find >>>>> any reference to tokens. Is there any change to the security >>>>> implementation? >>>>> >>>>> What's the recommended way for authentication in a high throughput >>>>> scenario? >>>>> >>>>> Thanks. >>>>> Rick >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "Neo4j" group. To unsubscribe from this group and stop receiving emails from it, send an email to neo4j+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
