I have posted this question to Stack Overflow to gather information about how to plan my application around security. The main question is how to leverage Elasticsearch and X-pack to hide part of my application from the public.
Hi @bradley,
if Elasticsearch is the main datastore of your application, you could use x-pack security user accounts for login. That way you could selectively grant access to portions of the data using index-level security and document-level security without maintaining an additional mapping between two authentication systems.
While this protects the data stored in Elasticsearch, it will not protect the client-side part of your source code. This would require you to split the client-side bundle into a public and a private bundle with the public bundle containing the login logic and the private bundle the rest of your application. The private bundle would have to be protected from being loaded without a login by a server-side application.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.