Security

Graphlytic user password

Passwords of Graphlytic users are stored encrypted in Neo4j. BCypt encryption function is used (see Bcrypt on Wikipedia). This function is used at OS: BSD, SUSE Linux and other. It is generally considered safe for this purpose.

Communication

Browser - Graphlytic

Connection between Browser and Graphlytic should be configured to use HTTPS. Graphlytic is delivered with configuration to use self signed certificate for HTTPS. You can use your own valid certificate for HTTPS.

You can also use Apache with HTTPS configured and communication between Apache and Graphlytic should be configured to use HTTP.

Graphlytic - Neo4j

Connection between Graphlytic and Neo4j can be configured to use Bolt or REST. REST communication is mandatory because this is only way how to communicate with Graphlytic Neo4j plugin. If Bolt communication is enabled all communication with Neo4j uses Bolt, only communication with Graphlytic Neo4j Plugin uses REST.

Bolt protocol

Bolt protocol is configured to use TLS encryption with trust on first use. See more in Neo4j Driver.

REST protocol

REST protocol can be configured to use HTTP or HTTPS. You need import Neo4j server certificate into Java default truststore to use HTTPS. See more in Neo4j security.

Example how to import certificate into default Java truststore (default password for default Java truststore is "changeit"):

keytool -import -alias neo4j-server -file neo4j.cert -keystore /java/jdk1.8.0_60/jre/lib/security/cacerts

See more information in Oracle documentation.