
Security flaw: neo4j-admin backup does not ask credentials when making a remote backup #12547

Open
deemeetree opened this issue Jul 8, 2020 · 4 comments

Comments

@deemeetree

In Neo4J 3.x.x (up to the latest 3.5.17) when you are attempting to make a remote DB online backup using

neo4j-admin backup ... 

the script connects to a remote database without any security credentials.

Effectively this means that when you have your DB open with the backup port open anybody could connect to your DB from the outside and copy all your data.

I raised this issue numerous times on Neo4J forums, but nobody cares: https://community.neo4j.com/t/is-there-any-password-protection-for-making-online-backups/20372/6

So I'm just trying to reach the developers here.

This is not normal and it's a huge security flaw. You should inform your users about this.

You yourselves recommend doing remote backups from a different server so as not to overload the production environment, and yet in the 7 years that this function has been available this security flaw has not been addressed or explicitly mentioned in your docs.

@deemeetree deemeetree added the bug label Jul 8, 2020
@psikala

psikala commented Jul 8, 2020

The documentation suggests that remote access should be blocked.

@deemeetree
Author

@psikala the same documentation suggests that you should do backups remotely. So how are you supposed to do them remotely if remote access is blocked?

@psikala

psikala commented Jul 11, 2020

@deemeetree true that.

I agree that there should be some kind of authentication, but personally, I don't see that as a dealbreaker. Although, users have to be careful and know what they are doing. I think that remote backups are suggested so that you don't create extra load on the database servers.

You can, for example, have the backup machines in the same environment/tenant as the database servers, so you can use the "internal" network. Remote access is blocked from outside of the tenant and you are safe.

@hugofirth
Member

Hi @deemeetree & @psikala

If you wish to do remote backups securely, you should configure the backup server and client to use SSL/TLS, as documented here. There is, as yet, no concept of Neo4j user authentication when performing a backup, as backups are not considered to be a per-user process. Instead they are performed by a sysadmin/operator.

I hope that helps?

For what it's worth I think the docs could be more explicit about this case: perhaps providing a worked example. I'll see if we can improve them.
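The two mitigations proposed in this thread (psikala: keep the backup listener on an internal network; hugofirth: put TLS on the backup server and client) can be checked statically against neo4j.conf. The script below is an added example for this thread, not code from the issue participants or from Neo4j. It assumes the Neo4j 3.x setting names as I recall them from the operations manual (dbms.backup.enabled, dbms.backup.address, dbms.backup.ssl_policy and dbms.ssl.policy.<name>.client_auth / trust_all); verify them against the docs for your exact version. The two embedded configs are constructed samples: the "weak" one is a remote backup setup with nothing between an anonymous client and the data, the "hardened" one binds to a private address and requires a trusted client certificate, which is the only thing that stands in for authentication since backup has no user login.

```python
"""Static audit of a Neo4j 3.x neo4j.conf for an exposed, unauthenticated backup listener.

Added example for this thread, not Neo4j's own code. Setting names follow the
Neo4j 3.x operations manual as I recall them; the two configs below are
constructed samples, not real deployments.
"""
import ipaddress

# Constructed sample: the usual "remote backup" setup after following only the
# bind-address advice. Anyone who can reach port 6362 can run neo4j-admin backup.
WEAK_CONF = """
dbms.backup.enabled=true
dbms.backup.address=0.0.0.0:6362
"""

# Constructed sample: listener on a private address, TLS policy attached, and
# the client required to present a certificate the server trusts.
HARDENED_CONF = """
dbms.backup.enabled=true
dbms.backup.address=10.0.2.15:6362
dbms.backup.ssl_policy=backup
dbms.ssl.policy.backup.base_directory=certificates/backup
dbms.ssl.policy.backup.client_auth=REQUIRE
"""

DEFAULT_ADDRESS = "127.0.0.1:6362"  # Neo4j 3.x default: loopback only


def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def split_address(addr, default_port=6362):
    """Split 'host:port', '[v6]:port' or a bare host into (host, port)."""
    if addr.startswith("["):
        host, _, rest = addr[1:].partition("]")
        return host, (int(rest[1:]) if rest.startswith(":") else default_port)
    host, sep, port = addr.rpartition(":")
    return (host, int(port)) if sep else (addr, default_port)


def exposure(host):
    """Classify where the listener is reachable from, based on the bind address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # resolved at runtime; cannot classify statically
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 / ::  (checked before is_private, which also matches 0.0.0.0)
        return "all-interfaces"
    if ip.is_private:
        return "private"
    return "public"


def audit(conf_text):
    """Return a list of findings; an empty list means nothing to report."""
    s = parse_conf(conf_text)
    findings = []
    if s.get("dbms.backup.enabled", "true").lower() != "true":
        return findings  # backup server disabled, nothing listens
    host, port = split_address(s.get("dbms.backup.address", DEFAULT_ADDRESS))
    where = exposure(host)
    if where in ("all-interfaces", "public"):
        findings.append(f"backup port {port} bound to {host} ({where}): anyone who can reach it can copy the database")
    elif where == "hostname":
        findings.append(f"backup address {host} is a hostname; check what interface it resolves to")
    if where == "loopback":
        return findings  # only local processes can connect; TLS is moot
    policy = s.get("dbms.backup.ssl_policy")
    if not policy:
        findings.append("remote backup listener without TLS: dbms.backup.ssl_policy is unset")
        return findings
    # Demand an explicit REQUIRE rather than trusting whatever the default is.
    if s.get(f"dbms.ssl.policy.{policy}.client_auth", "").upper() != "REQUIRE":
        findings.append(f"ssl policy '{policy}' does not set client_auth=REQUIRE; the client certificate is the only gate and it is not enforced")
    if s.get(f"dbms.ssl.policy.{policy}.trust_all", "false").lower() == "true":
        findings.append(f"ssl policy '{policy}' sets trust_all=true, which accepts any client certificate")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{name}]")
        for finding in audit(conf) or ["no findings"]:
            print("  -", finding)
```

Run it against your own neo4j.conf by passing the file contents to audit(). A private bind address is only as good as the network boundary around it, so the script still insists on a TLS policy with client_auth=REQUIRE for anything that is not loopback; the bind-address check and the certificate check are complementary, not alternatives.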
