I know this's kinda a silly question. But how I can secure elasticsearch server in the front end view. For example, I have to collect the user's data in the front and, that being said, every time user clicks a button or write something, we send the post request including the the data to the elasticsearch server to process.
So go back to the question, how can I protect the server while it has to be public to be used.
Should I make and proxy between the two, or any suggestion?
Thanks
We'd recommend you use https://www.elastic.co/guide/en/x-pack/current/xpack-security.html
Normally you have an application in the middle. The application communicates with elasticsearch. Not the end user.
I mean that I'd not expose my elasticsearch instance to the public directly. Like a database which is normally running in the backend network.
X-Pack (commercial) is something you need to look at wherever you put elasticsearch (back or front).
My 2 cents
Thanks for all the recommendations, but still, even I have an application/server in the middle, if the hacker gets the pattern of the request in frontend, they can easily make more request and spam our, like add more document into the database. And elastic can't help with that.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.