neo4j db injection protection


Problem description


I was wondering, just like in conventional RDBMS there is SQL injection, so in PHP we use PDO for injection prevention, but what do we use to prevent injection in Neo4j? I'm using the neo4j REST API via jquery and via the neo4jphp module. So any suggestions, guys?

Thanks in advance.

Solution

One of the values of using web services is decoupling the client from the implementation of the service. In your case, this means that REST abstracts away the details of the Cypher queries Neo4jPHP makes on your behalf. So the responsibility for preventing injection falls on Neo4jPHP. That's an implementation detail. You shouldn't be able to tinker with that even if you want to.

The situation is different if you were making Cypher queries yourself. Then you would use parameters like this:

query = "START n=node(*) WHERE n={search} RETURN n"
db.query query, {search: "userProvidedValue"}

I suggest you write to the Neo4jPHP forums to ensure they have indeed taken those precautions by writing parameterized Cypher queries. Or look at the source and verify for yourself.
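
The difference between concatenating input into Cypher and passing it as a parameter, shown as an added example that is not part of the original answer or of Neo4jPHP. It assumes the `{"query": ..., "params": ...}` body shape of Neo4j's legacy REST Cypher endpoint and the `{name}` parameter syntax used in the answer; the function names and the `name`/`age` properties are hypothetical.

```javascript
// Added example: builds request bodies only, nothing is sent over the network.
// Assumed body shape: {"query": "...", "params": {...}} (legacy REST Cypher endpoint).

// UNSAFE: user input becomes part of the Cypher text itself.
function buildConcatenated(userName) {
  return { query: "START n=node(*) WHERE n.name = '" + userName + "' RETURN n" };
}

// SAFE: the query text is a constant; the value travels separately in params,
// so the server never parses it as Cypher.
const FIND_BY_NAME = "START n=node(*) WHERE n.name = {name} RETURN n";
function buildParameterized(userName) {
  if (typeof userName !== "string") throw new TypeError("name must be a string");
  return { query: FIND_BY_NAME, params: { name: userName } };
}

// Property names cannot be supplied as parameters, so a part of the query
// that must vary is picked from a fixed allow-list, never copied from input.
const SORTABLE = { name: "n.name", age: "n.age" }; // hypothetical properties
function buildSorted(userName, sortKey) {
  if (!Object.prototype.hasOwnProperty.call(SORTABLE, sortKey)) {
    throw new RangeError("unsupported sort key");
  }
  const body = buildParameterized(userName);
  body.query = FIND_BY_NAME + " ORDER BY " + SORTABLE[sortKey];
  return body;
}

// Constructed sample input: a value containing quotes that close the literal.
const hostile = "x' OR '1'='1";
console.log(buildConcatenated(hostile).query);   // WHERE clause is rewritten
console.log(JSON.stringify(buildParameterized(hostile))); // query text unchanged
```

When auditing a client library, the thing to look for is the first pattern: any place where request data is joined into the query string instead of being placed in the parameters object.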
