I am using the JavaScript Bolt driver on Google Cloud Functions to query a Neo4j database and then send the result to the client. Is it possible to access the database without authentication? Does the authentication slow down the query time between client and server?
It is possible to disable authentication/authorization in the neo4j.conf file:
dbms.security.auth_enabled=false
However, it is strongly recommended to leave it on, because disabling it makes the whole database accessible to anyone with access to the host and port (Bolt or HTTP). Even in environments where you can limit access to the machine to a particular network or range of IPs, it is better to keep authentication on as an additional layer of protection.
The performance impact is negligible compared to all other variables usually involved (network, disk access, query planning and execution).
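For completeness: keeping authentication on just means supplying credentials once when the driver is created; the check is per connection, not per query, so it does not add meaningful latency to individual queries. Below is a minimal sketch using the official Python driver (the JavaScript driver is analogous: neo4j.driver(uri, neo4j.auth.basic(user, password))); the URI and credentials are placeholders for your own deployment.

```python
# Minimal sketch: credentials are supplied once when the driver is created,
# so keeping auth enabled adds no meaningful per-query cost.
# The URI, user and password below are placeholders.
from neo4j import GraphDatabase

driver = GraphDatabase.driver("bolt://your-neo4j-host:7687",
                              auth=("neo4j", "your-password"))

def count_nodes():
    # Reuse the driver across function invocations; open a short-lived session per request.
    with driver.session() as session:
        record = session.run("MATCH (n) RETURN count(n) AS c").single()
        return record["c"]
```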
I am developing an app that's going to have two capabilities. First of all, it has to be able to ingest a huge load of events (think millions per minute). It's also going to have a typical REST frontend/backend where I'll have the classic authentication flows, some dashboard based on an analysis of the ingested events, etc. For the REST portion of the app, I'm using Django + Postgres and React on Docker. For the event-driven backend, since Django is too slow to handle clients sending me millions of requests, I was thinking of using Kafka + a streaming database like Materialize.
However, I'm still unclear on how I would route requests to these different endpoints. Do I need to write an endpoint in something fast like Golang/Rust to send client payloads to Kafka? Or do clients communicate with Kafka directly? Is something like Nginx the right way to route these requests? I would still need some sort of reference to the Postgres DB in order to verify that the API key used in the client request is valid.
be able to ingest a huge load of events (think millions per minute).
Through HTTP, or Kafka? If Kafka, then you can use Kafka Connect to directly write into the database without needing any frontend web server.
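To illustrate the Kafka Connect route (assuming Kafka Connect is running with the Confluent JDBC sink connector installed and that the target is Postgres; the connector name, topic, and connection details below are made up), registering a sink connector is a single REST call, after which the connector writes the topic into a table for you:

```python
# Hypothetical sketch: register a JDBC sink connector so Kafka Connect writes the
# "events" topic straight into Postgres, with no custom web server in the write path.
# Hostnames, credentials and names are placeholders.
import json
import requests

connector = {
    "name": "events-postgres-sink",
    "config": {
        "connector.class": "io.confluent.connect.jdbc.JdbcSinkConnector",
        "topics": "events",
        "connection.url": "jdbc:postgresql://postgres:5432/app",
        "connection.user": "app",
        "connection.password": "secret",
        "auto.create": "true",  # let the connector create the table from the record schema
    },
}

resp = requests.post(
    "http://kafka-connect:8083/connectors",
    headers={"Content-Type": "application/json"},
    data=json.dumps(connector),
)
resp.raise_for_status()
```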
Django is too slow to handle clients sending me millions of requests
Based on your own benchmarks? Using how many instances?
Do I need to write an endpoint in something fast like Golang/Rust to send client payloads to Kafka?
Python can send producer requests to Kafka. There's nothing preventing you from using Kafka libraries in Django (see the sketch below), although nothing in your question seems very specific to Kafka versus other message queues, especially when you've only referenced needing one or two databases.
If you're going to pick a different "service worker" language, you may as well write your HTTP server in it as well...
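To make that concrete, here is a sketch of producing to Kafka from Python (and therefore from a Django view, signal handler, or background task) using the kafka-python library; the broker address and topic name are placeholders:

```python
# Sketch using kafka-python (pip install kafka-python); broker and topic are placeholders.
import json
from kafka import KafkaProducer

producer = KafkaProducer(
    bootstrap_servers="localhost:9092",
    value_serializer=lambda v: json.dumps(v).encode("utf-8"),
)

def publish_event(event: dict) -> None:
    # Asynchronous send; kafka-python batches messages in the background.
    producer.send("events", value=event)

publish_event({"type": "page_view", "user_id": 42})
producer.flush()  # make sure buffered messages are delivered before shutdown
```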
Or do clients communicate with Kafka directly?
Web clients? No, at least not without an HTTP proxy.
Is something like Nginx the right way to route these requests?
Unclear what you mean by "requests" here. Kafka requests - no, database requests - probably not, load balancing of HTTP requests - yes.
have some sort of reference to the Postgres DB in order to verify the API Key used in the client request is valid
Okay fine, use a Postgres client in your backend code.
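If it helps, the API-key check itself is a single indexed lookup. Here is a sketch with psycopg2 (the connection details and the api_keys table/columns are invented for illustration):

```python
# Sketch using psycopg2; the DSN and the api_keys table are invented for illustration.
import psycopg2

conn = psycopg2.connect("dbname=app user=app password=secret host=postgres")

def api_key_is_valid(api_key: str) -> bool:
    # Parameterised query; True if the key exists and has not been revoked.
    with conn.cursor() as cur:
        cur.execute(
            "SELECT 1 FROM api_keys WHERE key = %s AND revoked = false",
            (api_key,),
        )
        return cur.fetchone() is not None
```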
I've had a little dig through the Azure documentation but couldn't find a definitive answer.
I have an App Service and an Azure database sitting in the same resource group, and I am finding the site takes a long time to connect and get responses back from the database, but only in the hosted environment.
Is it possible to specify a localhost equivalent as they are in the same resource group, and would this make things any quicker?
A resource group does not have any impact on the connectivity or latency between the application and the database. It is just a way to group Azure resources together, for example by project or environment.
There is no localhost equivalent for a resource group or even an App Service, unless you want to run your application yourself in IIS or some other server.
If you really want to see what is causing the connectivity issue, I would recommend monitoring the requests and responses using Azure Monitor.
I think you need to understand the cloud concepts before trying anything out.
I have a question related to Apache Storm. Currently we use several servers to run Storm, and our application needs Facebook/Twitter tokens.
So we want to design it like this: each token belongs to a specific server, and when a bolt receives a tuple, it will request a token that is specific to that running bolt instance. This is to prevent token blocking when different servers use the same token within a short time.
Does anyone know how to achieve this? Is there any way to know which server a running bolt instance is on? Thanks a lot.
If you want one token per bolt instance then add an instance variable to your bolt class to hold that token, and initialize/clean up that token at the appropriate times in the bolt lifecycle (see the sketch below).
If you want to have a token for each machine then you can create a singleton bean to hold one token for the entire JVM. Note that if you want to have more than one worker on a single machine then you need to be happy with multiple tokens per machine (one per JVM on the machine), or build a stand-alone middleware server that owns the token and handles requests from the multiple JVMs on the machine. Even if that is acceptable, you'll still need to work out how to make all of the bolt instances in a single JVM/worker share the one token for that JVM.
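Here is a sketch of the per-instance option, using the streamparse Python binding for Storm (in a plain Java bolt the same logic would live in prepare() and cleanup()); fetch_token_for() and call_external_api() are hypothetical helpers standing in for your own token store and the outgoing Facebook/Twitter call:

```python
# Sketch of one-token-per-bolt-instance using streamparse (a Python binding for Storm).
# fetch_token_for() and call_external_api() are hypothetical helpers for your own
# token store and the outgoing Facebook/Twitter request.
import socket
from streamparse import Bolt


class ApiCallBolt(Bolt):
    outputs = ["result"]

    def initialize(self, conf, ctx):
        # Runs once per bolt instance before any tuples arrive,
        # so this token is private to the running instance on this host.
        self.token = fetch_token_for(host=socket.gethostname())

    def process(self, tup):
        # Use this instance's own token for the external API call.
        result = call_external_api(tup.values[0], token=self.token)
        self.emit([result])
```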
I know that we can allow remote access to the Neo4j DB by adding IP addresses. I am wondering whether Neo4j supports account verification, such as a username and password, to further increase database security even when we log in from a trusted IP.
In addition, can we set up multiple databases and switch between them before we query? I know Neo4jCP can do it, but it only supports Windows. Is there any other way to do it, and is it possible that Neo4j will integrate this feature?
Thank you!
Unfortunately, out of the box Neo4j doesn't support multiple databases, user management, or data-level security.
You can add something like that in your application layer, or use a framework like http://structr.org, which provides user management and data-level security.
So despite the warnings, I think I need to build a custom STS. We will support an arbitrary number of customers who provide identity information via SAML.
What is the best practice for storing details on each identity provider (IdP)? Most examples seem to store this info in the STS's web.config. That seems like it wouldn't scale very well.
Is there an obvious reason not to just store this stuff in a db and load it when the requests come in?
Fundamentally, if the identity providers will change over time, for example via some online administration function rather than a new application deployment, it makes total sense to store the information in a database (or other storage).
I think this is a potential issue for any multi-tenanted service that is federating identity with the customer.
ADFS 2.0 (which is Microsoft's STS product) stores its details in either a SQL Server database (or SQL Server farm) or the Windows Internal Database. So if it's good enough for Microsoft ...