Is it possible to POST something destructive to /_search?

If I have an index http://localhost:9200/mydatarecords/ is it then
possible to POST something to http://localhost:9200/mydatarecords/_search
that can modify documents in that index?

The reason I am asking is that I am wondering, whether I can allow any
and all possible values to be POSTed to the _search URL, or whether I
should look at what's POSTed and yank things that unintentionally could
modify the data in the index?

Thanks!

  • Steinar

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.