Security
Graphlytic user password
Passwords of Graphlytic users are stored in the HSQL DB as BCrypt hashes.
In the case of an SSO integration, no passwords are stored in Graphlytic. See Single sign-on for more information.
Network Communication
Graphlytic Frontend (Browser) <=> Graphlytic Backend
The connection between the browser and Graphlytic should be configured to use HTTPS. Graphlytic is delivered with a self-signed certificate for HTTPS, but this is usually not usable in production. Use a valid certificate for proper HTTPS, or use a reverse-proxy architecture with Apache, nginx, or another web server that has HTTPS configured. In such a reverse-proxy setup, the communication between the proxy and Graphlytic can be HTTP.
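A minimal nginx configuration for the reverse-proxy setup described above, added here as an example and not taken from the Graphlytic documentation. The hostname, the certificate paths and the backend address `127.0.0.1:8080` are placeholders (assumptions); substitute the address and port your Graphlytic instance actually listens on.

```nginx
# Example only: hostname, certificate paths and backend address are placeholders.

# Redirect plain HTTP to HTTPS so the browser never sends credentials in clear text.
server {
    listen 80;
    server_name graphlytic.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name graphlytic.example.com;

    # Certificate issued by a CA that browsers trust
    # (used instead of the self-signed certificate shipped with Graphlytic).
    ssl_certificate     /etc/nginx/tls/graphlytic.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/graphlytic.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Instruct browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # The proxy-to-Graphlytic hop is plain HTTP, so keep it on loopback
        # (placeholder port; use the one Graphlytic is configured with).
        proxy_pass http://127.0.0.1:8080;

        # Pass the original host, client address and scheme to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the hop behind the proxy is unencrypted, the Graphlytic HTTP port should be reachable only from the proxy (loopback binding or a firewall rule); otherwise clients can bypass HTTPS by connecting to the backend directly.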
Graphlytic Backend <=> Graph Database
Graphlytic uses vendor-specific protocols to communicate with the graph databases, e.g. Bolt protocol for Neo4j, Gremlin API for CosmosDB, TinkerPop Gremlin driver for Apache TinkerPop, etc.
In the case of the Neo4j database, the Bolt protocol uses unencrypted communication by default. It can be configured to use TLS encryption, but the database needs to explicitly support encrypted Bolt communication. See Neo4j Driver and Neo4j Operations Manual for more information.
See Graph Connections for more information about the various graph database connection options.