avoid database corruption
Closed this issue · 1 comments
BlueCrescent commented
The generated Cypher queries might cause changes to the database.
This should be prevented by managing the rights associated with the credentials used by the system.
TODO:
- In the PrimeKG Neo4j Docker image, set these rights accordingly.
- Possibly, include the following warning from LangChain in our readme:
  > *Security note*: Make sure that the database connection uses credentials
  > that are narrowly-scoped to only include necessary permissions.
  > Failure to do so may result in data corruption or loss, since the calling
  > code may attempt commands that would result in deletion, mutation
  > of data if appropriately prompted or reading sensitive data if such
  > data is present in the database.
  > The best way to guard against such negative outcomes is to (as appropriate)
  > limit the permissions granted to the credentials used with this tool.
  > See https://python.langchain.com/docs/security for more information.
BlueCrescent commented
For now, this has been solved by adding the flag `--env NEO4J_server_databases_default__to__read__only=true` to the docker run commands in the readme.
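Added example, not part of the issue thread or the project's code: a coarse client-side pre-check that rejects generated Cypher containing write operations before it is sent, so a mutating query fails with a clear error even though the read-only server setting above remains the actual enforcement. The function names, the procedure allowlist and the sample queries are assumptions made for illustration.

```python
import re

# Keywords that start clauses or commands changing data, schema or privileges.
WRITE_KEYWORDS = {"CREATE", "MERGE", "SET", "DELETE", "DETACH", "REMOVE", "DROP",
                  "ALTER", "GRANT", "DENY", "REVOKE", "RENAME"}
# Assumed allowlist of read-only procedures; anything else is treated as a write.
READ_ONLY_PROCEDURES = {"db.labels", "db.relationshiptypes", "db.propertykeys"}

# String literals, backtick identifiers and comments may contain keyword-like
# text that is not a clause, so they are blanked before scanning.
_LITERALS = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|`(?:``|[^`])*`|//[^\n]*|/\*.*?\*/""",
    re.DOTALL)
# Bare words only: skips property names (n.set), labels and relationship
# types (:CREATE) and parameters ($delete).
_WORD = re.compile(r"(?<![\w.$:])[A-Za-z]+\b")
_CALL = re.compile(r"\bCALL\s+([A-Za-z_][\w.]*)", re.IGNORECASE)


def write_operations(cypher):
    """Return the sorted write keywords and non-allowlisted procedure calls."""
    code = _LITERALS.sub(" ", cypher)
    found = {w.upper() for w in _WORD.findall(code) if w.upper() in WRITE_KEYWORDS}
    for proc in _CALL.findall(code):
        if proc.lower() not in READ_ONLY_PROCEDURES:
            found.add("CALL " + proc)
    return sorted(found)


def assert_read_only(cypher):
    """Return the query unchanged, or raise before it is sent to Neo4j."""
    ops = write_operations(cypher)
    if ops:
        raise PermissionError("generated Cypher rejected, write operations: "
                              + ", ".join(ops))
    return cypher


if __name__ == "__main__":
    # Constructed sample queries standing in for LLM output.
    for q in ["MATCH (d:Drug)-[:INDICATION]->(x) RETURN d.name LIMIT 5",
              "MATCH (n) DETACH DELETE n"]:
        print(q, "->", write_operations(q) or "read-only")
```

The check fails closed: a variable or map key that happens to be named like a write keyword is also rejected.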