Hello,
since Elastic released some of the security features from X-Pack, I'm wondering if something did change in the security related best practices, as for example to have a Proxy installed before ES. I have a couple of semi-related open questions:
-
Let's presume I would have a Gold or Platinum subscription, then I would have the SSO-Features enabled, correct? I'm wondering if I can use ES as an authentication backend for a web-frontend application without any other backend/proxy in between? Would it be a good practice?
-
If I want to use the Basic-Subscription, what should I do then? I guess the best option is to roll-out my own backend, that handles SSO authentication and provides a REST-API that is completly decoupled from the ES Rest-endpoint, but this requires the most work.
-
What are the dangers of using ES through a Proxy from a web-frontend, in a simple configuration, without long RegEx-Rules? Ok, if it is completly open, it makes the proxy obsolete. So, what typical rules do you use? I imagine to block DELETE's and PUT's for example and make specific indexes read-only or not accessbile at all. But that's it, isn't it?
What is your way to go in an enterprise envrioment? My feeling is to do it as in 2.
Best,
Seb