These are chat archives for neoxygen/neo4j-neoclient

26th
Apr 2015
volovo
@volovo
Apr 26 2015 06:11
hi @ikwattro you can get something at http://blog.scrt.ch/2014/05/09/neo4j-enter-the-graphdb/
Christophe Willemsen
@ikwattro
Apr 26 2015 09:27
Well
There is one rule with Cypher and injection
Everything that is not passed as a parameter is subject to injection
so in NeoClient it uses only the /db/transaction/commit endpoint to send queries
and you are encouraged to use parameters, for injection and for performance
the /db/data/cypher endpoint is never used
also, preventing injection should happen at one level higher, meaning it is not at the driver level to prevent $['GET'] parameters from being injected
also, in "production" applications, you'll never use $['GET']
but rather use higher level libraries like http foundation to take care of the request
now, if you have suggestions, I would be happy to implement them if needed