Kibana sharing security question


#1

Hi All,

I have successfully embedded the iframe from the Kibana sharing option into a 3rd party application.

However, when I open Chrome develloper tools, I can see the elasticsearch query with data post and request that was made.

Request URL:https://url.kibana.com/elasticsearch/_msearch?timeout=0&ignore_unavailable=true&preference=1463648533777
Request Method:POST

Request Payload :

{"index":"test","search_type":"count","ignore_unavailable":true}
{"query":{"filtered":{"query":{"query_string":{"analyze_wildcard":true,"query":"place_id:MS000843"}},"filter":{"bool":{"must":[{"range":{"date_ymd":{"gte":1461057992178,"lte":1463649992178,"format":"epoch_millis"}}}],"must_not":[]}}}},"size":0,"aggs":{}}

My question: Is there a way to avoid the client to update the query to prevent it see no other information in the same index?

Thanks for your help

J.


(Mark Walkom) #2

You don't want the query to be shown in the developer tools?


#3

I would like to know, if there a way to hide the Request payload between kibana and elastic search to avoid that clients changes the queries sent to ES.


(Mark Walkom) #4

There is not.


(system) #5