Security lacking in NoSQL

As a former MS-SQL DBA, one of the main focuses of my job was making sure the database was secure.

I appreciate how Neo4j has made some movement in this direction. While I am not as familiar with other NoSQL databases, I do know several other popular NoSQL databases lack many basic security features.

My proposal: develop more granular security (read, write at least). Maybe these could be system-level properties that can be set on the nodes and edges. Then phase 2, allow read/write access on different types of nodes or different types of relationships. In other DBMSs there are properties like this set at the system level that can still be queried by someone who has the permissions.

While Neo4j is ahead of the pack, you could further set yourself ahead by being one of the more security-conscious NoSQL databases.

Thanks for the feedback, we agree that more granular security is something we want. Keep your eyes open when we approach our 4.0 release later this year as well as the minor releases to follow.

You may have already seen the announcements, but Neo4j 4.0 (due early in Q1 2020) will have schema-based security, with the ability to define, for user roles, fine-grained control of what is allowed (or denied) for read, write, and traversal based on several possible criteria (node labels, properties, relationship types, etc.).

More info in the Neo4j 4.0 MR2 documentation.