Partial Update Document without script

(Tushar Chevulkar) #1

I am using the following code for partial update

POST /website/blog/1/_update
   "script" : "ctx._source.views+=1"

is there any alternative way I can achieve the same thing. because I don't want to change anything in
groovy script because last time I changed the settings and my server was compromised.

So someone please help me with the solution or some security measures if there is no work around.

(Luca Cavanna) #2

sorry about the late answer. Instead of using the update , you can always get the document back and manually update it. Just beware that what the update api does internally is still a get+reindex, just slightly optimized compared to what you'd do manually.

If you do want to use groovy scripting, that means dynamic scripts need to be enabled. That said your server should never ever be exposed to the internet, besides whether scripts are enabled or not. Also make sure that the elasticsearch process doesn't run with root but with its own proper user.

If you need actual security features, you can have a look at shield, the security product developed by elastic itself.

(system) #3