HTTP security

A browse through the ElasticSearch docs is telling me that there is no
support for HTTP authentication. Is this the case?

If so, what would be involved in adding it as a custom module? I
would need different authentication details for different functions
(e.g. no auth for performing searches, but HTTP password required for
delete/put operations).

I would love to use ElasticSearch to replace our existing JSON web
services, but authentication is a critical feature for us.

I suppose we could stick a webserver between clients and
ElasticSearch, but it seems a shame to have to do that.

Currently, there are no plan to support authentication and authorization on
ES level (as there are many different ways to do it, and different
levels/operations to support). You would need to do it on a proxy server.

On Tue, Dec 21, 2010 at 12:11 AM, skaffman kenny@chasmcity.com wrote:

A browse through the Elasticsearch docs is telling me that there is no
support for HTTP authentication. Is this the case?

If so, what would be involved in adding it as a custom module? I
would need different authentication details for different functions
(e.g. no auth for performing searches, but HTTP password required for
delete/put operations).

I would love to use Elasticsearch to replace our existing JSON web
services, but authentication is a critical feature for us.

I suppose we could stick a webserver between clients and
Elasticsearch, but it seems a shame to have to do that.