Apr 2015
Apr 26 2015 06:11 UTC
Christophe Willemsen
Apr 26 2015 09:27 UTC
There is one rule with Cypher and injection
Everything that is not passed as parameter is subject to injection
so NeoClient uses only the /db/transaction/commit endpoint to send queries
and you are encouraged to use parameters, both against injection and for performance
the /db/data/cypher endpoint is never used
also, preventing injection should happen one level higher, meaning it is not the driver's job to prevent $['GET'] parameters from being injected
also, in "production" applications, you'll never use $['GET']
but rather use higher-level libraries like HttpFoundation to take care of the request
now, if you have suggestions, I would be happy to implement them if needed