Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Neo4j in Docker needs to be secured #13

Open
Cougar opened this issue May 8, 2019 · 1 comment
Open

Neo4j in Docker needs to be secured #13

Cougar opened this issue May 8, 2019 · 1 comment
Assignees
@varchashva
Labels
sec-bug Security Vulnerability

Comments

@Cougar
Copy link

Cougar commented May 8, 2019

This line

LetsMapYourNetwork/docker-compose.yml

Line 9 in 816308d

- NEO4J_AUTH=none # Neo4j authentication is disabled for Docker installation

makes Neo4j open for anyone in the world (if you are not behind firewall/NAT). It should either not use 'host' network, listen 127.0.0.1 or should be secured with password/firewall but current setup is insecure.
@varchashva
Copy link
Owner

This line

LetsMapYourNetwork/docker-compose.yml

Line 9 in 816308d

- NEO4J_AUTH=none # Neo4j authentication is disabled for Docker installation

makes Neo4j open for anyone in the world (if you are not behind firewall/NAT). It should either not use 'host' network, listen 127.0.0.1 or should be secured with password/firewall but current setup is insecure.

Hi @Cougar - let me analyse it and I will get back to you. thanks!

@varchashva varchashva self-assigned this May 10, 2019
@varchashva varchashva added bug Something isn't working sec-bug Security Vulnerability and removed bug Something isn't working labels Jul 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@varchashva varchashva

Labels
sec-bug Security Vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Cougar @varchashva