Neo4j

Hi,

there is GraphXr (https://www.kineviz.com/) you can try.

Also as a Neo4j App https://neo4j.com/blog/graphxr-graph-app-neo4j-desktop/..

Ciao

Alessio

Option 1: (simplest)
https://neo4j.com/docs/operations-manual/current/authentication-authorization/access-control/

1. Create a read-only user.
2. Set-up a reverse proxy to authenticate as that user.

CREATE USER www SET PASSWORD "changeme" CHANGE NOT REQUIRED;
GRANT ROLE reader TO www; #Not in prod, be careful and read the article linked above.

Nginx Example:
First, base64encode "www:changeme" == d3d3OmNoYW5nZW1l

server {
    listen 80;
    server_name "domain.test"

    location /neo/$URI {
        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_set_header Accept-Encoding \"\";
        proxy_set_header Host \$host;
        proxy_set_header Authorization "Basic d3d3OmNoYW5nZW1l";
        proxy_pass http://127.0.0.1:7474$URI;
    }
}

Now, whenever anyone visits http://domain.test/neo/, they'll get the :7474 neo4j interface, logged in as www. If you want it to be the bolt port, well, it's easy to change.

Option 2: (safer, but tricky)
Use casual clustering to create one db with all the data, and read-only access. Then you can open that thing up to anyone.

Thanks asperlinga & tony.

• I'll try GraphXR, but I have a feeling that users will have to hit Neo4J Desktop first to launch GraphXR. So that may not be enough on its own.

• I will also try Causal Clustering. I have just spent some time reading the documentation, and it's an Enterprise Mode function. Hence, I need to get that license first.

What I find striking is that most analytics tools are not designed to be publicly available (ELK is the same). Regarding Neo4J, I have looked around in order to find a single example of such installation and couldn't find anything. It wouldn't surprise me if what I'm asking for is not doable (from safety point of view).

It's more about databases in general. Even mysql doesn't have much documentation about how to make a public mysql user. That's not to say it can't be done, and the same methods I've described above would be effective. Most db conversations are about how to never give anyone access to whole dbs or tables.

sure; that's a fair point
but one of the most powerful aspects of neo4j is the user-friendliness of its UI. I have several ideas for investigative websites that would benefit from exposing the UI in a R/O mode.
I have started yesterday working on the Causal Clustering bit with Docker, but haven't finished yet.

That's actually exactly what GraphXR was built for. The trick with UI is the balance between complexity and ease-of-use. True investigative efforts require maximizing specificity, thus complexity, but in doing so create a learning barrier to entry. Conversely, things like vis.js, console.neo4j.org, and arrows keep the UI simple, but don't allow for detailed analisys or complex graphs.

I'll give GraphXR a proper chance then. their requirement to sign up for an account put me off

They're a great bunch of people, and the owner volunteers a lot of time into community projects for art and dance and technology. They've also donated tons of time and research into making publicly available GraphXR views of politics, trading, and covid:

https://www.kineviz.com/covid19

i had no idea; thanks for mentioning this