Request to have a flag for apoc.load.jdbc stored procedure to obfuscate URL on as-needed basis.

[rohankharwar]

Request to have a flag for apoc.load.jdbc stored procedure to obfuscate URL on as-needed basis.

With the usage of apoc.load.jdbc, we specify the URL and can contain the password for the connecting database. This can get logged in query.log and can be made visible to others. However customers are not able to Obfuscate literals in query log or disable parameter logging for audit purpose.
Hence it is important to have a flag so this URL that has id and password is not logged in query log.

We already obfuscate the URL when there is an error throw as part of the error message.

Hope this helps and if we need more information please let me know.

[rohankharwar]

HI @vga91 I see this issue is resolved in Neo4j Apoc Extended 5.26.0

Fixex #4256: Obfuscate JDBC Password in query.log (#4261) #4294 (by @vga91)

But I tried using this apoc.extended plugin and tested this .. and it is not obfuscating the URL literal.

2025-08-29 17:53:04.223+0000 ERROR id:20 - transaction id:8 - 25 ms: (planning: 7, waiting: 0) - 312 B - 0 page hits, 0 page faults - bolt-session bolt neo4j-browser/v2025.5.0 client/127.0.0.1:54166 server/127.0.0.1:7687> roci - neo4j - CALL apoc.load.jdbc( "jdbc:ajeje://localhost:3306/data_mart?user=root&password=root", 'SELECT * FROM PERSON WHERE NAME = ?', ['John'] ) YIELD row RETURN row - {} - runtime=pipelined - {app: 'neo4j-browser_v2025.5.0', type: 'user-direct'} - Failed to invoke procedure apoc.load.jdbc: Caused by: java.lang.Exception: No suitable driver found for jdbc:ajeje://*******

I can see error is obfuscated but not the actual query. Thanks.

[vga91]

Hi @rohankharwar

In neo4j.conf (or using the equivalent docker environment variables), do you have these two configurations shown in the PR mentioned? Namely:

db.logs.query.obfuscate_literals=true
db.logs.query.parameter_logging_enabled=false

If so, could you share if possible the neo4j.conf / docker environment variable, the Neo4j version and the APOC version?
Thanks

[rohankharwar]

Hi @vga91 ,
I have the following db.logs.query.obfuscate_literals set to false.
Is it not possible without setting this to false?

Customer would like to log all literals and parameters passed to the query. But at the same time they would like to disable the password piece passed during the apoc.load.jdbc.
In the code I see you have the following procedure obfuscateJdbcUrl. Is it not possible to control this with a flag to make it visible in the query.log or not.
When the error is displayed for apoc.load.jdbc this procedure is used to hide the URL. But is it possible to control it with a flag rather than use the Neo4j configurations mentioned above.
Thanks,
Rohan

[vga91]

Unfortunately not :/
query.log files are controlled by Neo4j, we have no control over them on the APOC side.

As far as I know, we can only obfuscate the parameters/strings/etc. of all queries:
https://neo4j.com/docs/operations-manual/current/monitoring/logging/#query-logging.

Ideally, we would have a configuration that would allow us to specify, for example, which procedures/parameters to obfuscate (something like db.logs.query.obfuscate_procedure=apoc.load.jdbc*),
but I don't think there's such a thing.

So maybe I would create another issue on the neo4j repo https://github.com/neo4j/neo4j/issues,
to ask if they can somehow implement this feature or if it already exists but is not documented.
Thanks.

[rohankharwar]

Got it. Thanks @vga91 .

[davidlrosenblum]

Hi @vga91 - where we thought we could intercept is in
(https://github.com/neo4j-contrib/neo4j-apoc-procedures/tree/2025.08/extended/src/main/java/apoc/load/jdbc)
/Jdbc.java
Wouldn't we be able to obfuscate the password before we send it off to log?
This is line 123
log.info( String.format( "Executing SQL update: %s", query ) );

[vga91]

Unfortunately that log.info( String.format( "Executing SQL update: %s", query ) );
is only responsible for logs in neo4j.log and debug.log, it's not printed in query.log.

In general, query.log does not seem to print log content created with log.info or similar methods,
but just logs the Cypher queries that are executed.
In fact, it logs even a simple return 'data_mart?user=root&password=root'.

2025-09-09 10:39:53.743+0000 INFO  transaction id:53 - 10 ms: (planning: 3, waiting: 0) - 0 B - 0 page hits, 0 page faults - bolt-session	bolt	neo4j-browser/v2025.2.0		client/172.26.0.1:59694	server/172.26.0.2:7687>	neo4j -  
EXPLAIN return 'data_mart?user=root&password=root' - {} - runtime=pipelined - {app: 'neo4j-browser_v2025.2.0', type: 'user-action'}

Indeed, if we change the procedure implementation to a simple procedure that always returns only an empty result:

@Procedure(name = "apoc.load.jdbcUpdate", mode = Mode.READ)
public Stream\<RowResult\> jdbcUpdate(@Name("jdbc") String urlOrKey, @Name("query") String query, @Name(value = "params", defaultValue = "[]") List\<Object\> params,  @Name(value = "config",defaultValue = "{}") Map\<String, Object\> config) {
   return Stream.empty();
}

the log will still be:

2025-09-09 10:34:02.937+0000 INFO  transaction id:14 - 23 ms: (planning: 21, waiting: 0) - 0 B - 0 page hits, 0 page faults - bolt-session  bolt    neo4j-browser/v2025.2.0     client/172.26.0.1:59694 server/172.26.0.2:7687\> neo4j -  - EXPLAIN CALL apoc.load.jdbcUpdate( "jdbc:ajeje://localhost:3306/data\_mart?user=root\&password=root", 'SELECT \* FROM PERSON WHERE NAME = ?', ['John'] ) - {} - runtime=pipelined - {app: 'neo4j-browser\_v2025.2.0', type: 'user-action'}
2025-09-09 10:34:02.995+0000 INFO  transaction id:15 - 7 ms: (planning: 4, waiting: 0) - 312 B - 0 page hits, 0 page faults - bolt-session  bolt    neo4j-browser/v2025.2.0     client/172.26.0.1:64884 server/172.26.0.2:7687\> neo4j -  - CALL apoc.load.jdbcUpdate( "jdbc:ajeje://localhost:3306/data\_mart?user=root\&password=root", 'SELECT \* FROM PERSON WHERE NAME = ?', ['John'] ) - {} - runtime=pipelined - {app: 'neo4j-browser\_v2025.2.0', type: 'user-direct'}
2025-09-09 10:34:03.007+0000 INFO  transaction id:16 - 3 ms: (planning: 0, waiting: 0) - 3248 B - 0 page hits, 0 page faults - bolt-session bolt    neo4j-browser/v2025.2.0     client/172.26.0.1:62760 server/172.26.0.2:7687\> neo4j -  -
CALL db.labels() YIELD label

Moreover, the password is still printed even without the extended jar:

MATCH ()-[]-\>() RETURN { name:'relationships', data: count(\*)} AS result

- runtime=pipelined - {app: 'neo4j-browser\_v2025.2.0', type: 'system'}
    2025-09-09 10:14:37.078+0000 ERROR transaction id:13 - 5 ms: (planning: 5, waiting: 0) - 0 B - 0 page hits, 0 page faults - bolt-session    bolt    neo4j-browser/v2025.2.0     client/172.26.0.1:62148 server/172.26.0.2:7687\> neo4j - 
 
EXPLAIN CALL apoc.load.jdbcUpdate( "jdbc:ajeje://localhost:3306/data\_mart?user=root\&password=root", 'SELECT \* FROM PERSON WHERE NAME = ?', ['John'] ) - {} - runtime=null - {app: 'neo4j-browser\_v2025.2.0', type: 'user-action'} - There is no procedure with the name `apoc.load.jdbcUpdate` registered for this database instance. Please ensure you've spelled the procedure name correctly and that the procedure is properly deployed.

There isn't much difference with the current 5.26 extended jar:

2025-09-09 10:12:30.703+0000 INFO  transaction id:7 - 96 ms: (planning: 49, waiting: 0) - 0 B - 1 page hits, 0 page faults - bolt-session  bolt    neo4j-browser/v2025.2.0     client/172.26.0.1:63944 server/172.26.0.2:7687\> neo4j - 
 EXPLAIN CALL apoc.load.jdbcUpdate( "jdbc:ajeje://localhost:3306/data\_mart?user=root\&password=root", 'SELECT \* FROM PERSON WHERE NAME = ?', ['John'] ) - {} - runtime=pipelined - {app: 'neo4j-browser\_v2025.2.0', type: 'user-action'}
2025-09-09 10:12:30.941+0000 ERROR transaction id:8 - 39 ms: (planning: 11, waiting: 0) - 312 B - 0 page hits, 0 page faults - bolt-session bolt    neo4j-browser/v2025.2.0     client/172.26.0.1:63944 server/172.26.0.2:7687\> neo4j -  - CALL apoc.load.jdbcUpdate( "jdbc:ajeje://localhost:3306/data\_mart?user=root\&password=root", 'SELECT \* FROM PERSON WHERE NAME = ?', ['John'] ) - {} - runtime=pipelined - {app: 'neo4j-browser\_v2025.2.0', type: 'user-direct'} 
Failed to invoke procedure `apoc.load.jdbc`: Caused by: java.lang.Exception: No suitable driver found for jdbc:ajeje://\*\*\*\*\*\*\*
2025-09-09 10:12:30.976+0000 INFO  transaction id:9 - 3 ms: (planning: 1, waiting: 0) - 3248 B - 0 page hits, 0 page faults - bolt-session  bolt    neo4j-browser/v2025.2.0     client/172.26.0.1:63940 server/172.26.0.2:7687\> neo4j -  -