HTTP Basic Auth about node-neo4j HOT 6 CLOSED

Thanks for the workaround, @anatoliychakkaev. We’ve been using a firewall to protect our database but I always wondered how one could use Basic auth. One idea that comes to mind is for Neo4j to support relative URLs in their responses so the base URL given to the GraphDatabase class can be reused.

/cc @aseemk

from node-neo4j.

I saw a thread on the mailing list recently about Neo4j returning relative URLs, just like you propose, @gasi:

http://neo4j.org/forums/#nabble-td3353095%7Ca3375298

Parts of the discussion revolved around auth also, though. Not sure if it's totally relevant, but hopefully some of it helps?

from node-neo4j.

I finally got around to trying Neo4j on Heroku (love it), and did run into this too. Sorry for the delay in fixing this, but it's finally fixed upstream! Many thanks, @anatoliychakkaev, for the great report.

from node-neo4j.

Nice work, @aseemk! I had to do something similar at work recently, in my case for JIRA, and it turns out I could do it more elegantly using the Authorization HTTP header for HTTP Basic Auth using Base64 encoded credentials: https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+Basic+Authentication

Would that work for Neo4j?

from node-neo4j.

Thanks @gasi. I did look into using the header also, but ultimately, it would still require updating every HTTP request the library makes -- in this case, to add this header instead of tweak the URL -- so it felt like it'd be better (less work, and separation of concerns) to just tweak the URL and let request generate the header. What do you think?

from node-neo4j.

I guess that works. Putting auth in the header gave me some (incorrect) sense of security since the information was Base64 encoded ;)

from node-neo4j.