Do not allow file URLS

InternetHealthReport · Aug 21, 2024 · f9481fb · f9481fb
1 parent 00a3bcd
commit f9481fb
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/public/conf_notls/neo4j.conf b/public/conf_notls/neo4j.conf
@@ -205,7 +205,8 @@ server.http.enabled=true
 # Determines if Cypher will allow using file URLs when loading data using
 # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV`
 # clauses that load data from the file system.
-#dbms.security.allow_csv_import_from_file_urls=true
+dbms.security.allow_csv_import_from_file_urls=false
+dbms.security.allow_file_urls=false
 
 
 # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS

diff --git a/public/conf_tls/neo4j.conf b/public/conf_tls/neo4j.conf
@@ -205,7 +205,8 @@ dbms.ssl.policy.https.public_certificate=neo4j.cert
 # Determines if Cypher will allow using file URLs when loading data using
 # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV`
 # clauses that load data from the file system.
-#dbms.security.allow_csv_import_from_file_urls=true
+dbms.security.allow_csv_import_from_file_urls=false
+dbms.security.allow_file_urls=false
 
 
 # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS