Store User Login / Password in Neo4j Database ? Or use a "common" other Database ?

[Filip W.]

Hello everyone, 

I try to develop a web portal, which will retrieve information from stored data in Neo4j.
Users must have an account (login/password) to access to this portal.

My question is :

Should i store this login/password (as simple property ? encrypted ?) in Neo4j Database ?
or make the authentication based on other database ?
Any clue ?

Thank you :)
Filip

[Mark Needham]

If you've got all your other data in neo4j no reason not to store user authentication details as well I'd say. 

I'd store it as a property on the user node and yes definitely encrypted (you can using an encryption algorithm in your application to do that). I think bcrypt is meant to be the way to go these days but there are other algorithms as well.

You'll probably want to index the user in some way so that you can locate the user node before you check that the encrypted passwords match. 

Hope that helps.

Mark

Filip

--
You received this message because you are subscribed to the Google Groups "Neo4j" group.
To unsubscribe from this group and stop receiving emails from it, send an email to neo4j+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Filip W.]

Hi Mark,
As your wrote, all my data will be in Neo4j.
So i will try to find a solution to encrypt the password and have a look on bcrypt if it is easy to add to my application.
Anyway, thank you for your answer and it helps :)
Filip