This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

How to implement Custom Data Encryption/Decryption Functions/Procedures in apoc for Client Confidential Information

ramachandra_nay
Node

‎08-22-2019 11:07 PM

Please keep the following things in mind:

  1. did you search for what you want to ask before posting?
  2. please use tags for additional info
  3. use a self-descriptive title

Please format code + Cypher statements with the code </> icon, it's much easier to read.

Please provide the following information if you ran into a more serious issue:

  • neo4j version, desktop version, browser version
  • what kind of API / driver do you use
  • screenshot of PROFILE or EXPLAIN with boxes expanded (lower right corner)
  • a sample of the data you want to import
  • which plugins / extensions / procedures do you use
  • neo4j.log and debug.log
Labels:
0 Kudos
Reply
5 REPLIES 5

stefan_armbrust
Neo4j
Neo4j

‎08-23-2019 12:34 AM

What is your actual question?

0 Kudos
Reply

ramachandra_nay
Node

‎08-23-2019 01:03 AM

If we have sensitive data of person like Credit Card Details, Password, Social Security Number etc, As per some compliance policy we need to mask the data or encrypt the data at database. Neo4j not having features to achieve this. In RDMS Database like MS SQL and Oracle we have build in features. As per neo4j we need to take care by implementing application layer encryption/decryption logic. So to achieve this we can do this apoc user defined function or procedures. I want to understand how achieve this.

0 Kudos
Reply

stefan_armbrust
Neo4j
Neo4j
In response to ramachandra_nay

‎08-23-2019 04:00 AM

You can write a TransactionEventHandler (see e.g. https://maxdemarzi.com/2015/03/25/triggers-in-neo4j/) that encrypts certain properties.
However the tx event handlers do not fire when you read data, so you don't have an easy way to decrypt it.

Therefore I think it's better to implement this on application layer.

On approach would be using SDN/OGM. There's e.g. a blog post https://neo4j.com/blog/neo4j-data-encryption-ogm/ doing this with SDN/OGM. Take care - the blog post does use an older version of SDN/OGM.

0 Kudos
Reply

ramachandra_nay
Node

‎09-12-2019 03:31 AM

@stefan.armbruster : Need your input on following approach

  1. Download the apoc code from github : https://github.com/neo4j-contrib/neo4j-apoc-procedures
  2. Write two custom function one for encryption and another for decryption for sensitive applications.
  3. Build the APOC JAR file and place in neo4j server instance.
  4. Currently using python based client application to ingest the data and manipulate the data.
  5. Integrate the apoc to python client application.
  6. Call the apoc encrypt and decrypt function in python client application to work with sensitive information.

Please provide your review on feasibility of solution.

Thank You.
Ram.

0 Kudos
Reply

stefan_armbrust
Neo4j
Neo4j
In response to ramachandra_nay

‎09-12-2019 02:54 PM

Sounds feasible. However I'd prefer to create a seperate project for your two functions. Then just deploy APOC and your project to your plugins folder.

0 Kudos
Reply
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays