How can I expose an interactive neo4j visualization (safely) to users over the internet?

I'm trying to stand up a (non-commercial) web application that uses neo4j Community 3.5.2 as a backend.

The application interfaces with the graph in two ways:

• Server-side (safe) with flask to write new nodes and relationships

• Client-side (not safe) to read using neovis.js which, as far as I can tell with my limited JS knowledge, requires me to embed credentials in client-side code.

It makes me seriously queezy to allow clients to access an internet-exposed DB directly but, and again as far as I can tell, it's the only way I can keep a visualization interactive for my site's users. Is that correct?

Assuming it is, I'm exploring creating a user with read-only permissions to minimize exposure. The docs all seem to indicate I need the enterprise edition to do this. Is that correct?

Any general guidance or alternate approaches? This feels a bit wrong.

from How can I expose an interactive neo4j visualization (safely) to users over the internet?