HTTP security


(skaffman-2) #1

A browse through the ElasticSearch docs is telling me that there is no
support for HTTP authentication. Is this the case?

If so, what would be involved in adding it as a custom module? I
would need different authentication details for different functions
(e.g. no auth for performing searches, but HTTP password required for
delete/put operations).

I would love to use ElasticSearch to replace our existing JSON web
services, but authentication is a critical feature for us.

I suppose we could stick a webserver between clients and
ElasticSearch, but it seems a shame to have to do that.


(Shay Banon) #2

Currently, there are no plan to support authentication and authorization on
ES level (as there are many different ways to do it, and different
levels/operations to support). You would need to do it on a proxy server.

On Tue, Dec 21, 2010 at 12:11 AM, skaffman kenny@chasmcity.com wrote:

A browse through the ElasticSearch docs is telling me that there is no
support for HTTP authentication. Is this the case?

If so, what would be involved in adding it as a custom module? I
would need different authentication details for different functions
(e.g. no auth for performing searches, but HTTP password required for
delete/put operations).

I would love to use ElasticSearch to replace our existing JSON web
services, but authentication is a critical feature for us.

I suppose we could stick a webserver between clients and
ElasticSearch, but it seems a shame to have to do that.


(system) #3