They're worried that giving the exact version info of both ES and Lucene makes it easier should a threat already internally on the network attempt to compromise the system. At least I think that's the concern. On Dec 20, 2013, at 12:16 AM, "[email protected]" <[email protected]> wrote:
> Can you explain why showing the prompt is a problem? > > Maybe it helps us to understand if it is a common use case and a patch for > the codebase would be appropriate. > > As for the proxy, it is recommended to not expose ES to HTTP frontend access, > so a proxy is the best method I know. ES can be well hidden in a private > network like 10.0.0.0 or 192.168.0.0 - also there are a few dangerous > commands, and HTTP methods like DELETE to take care of. These are open by > default for maximum convenience, for admins with curl at hand, and must be > protected against malevolent access, if you set up ES in a hostile > environment. > > Jörg > > > -- > You received this message because you are subscribed to a topic in the Google > Groups "elasticsearch" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/elasticsearch/-uw4DDKM-3A/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/CAKdsXoF7QgrQRv83GA%2B8yXYtnuHbLF2uj%3Dk%2BN_5t1%3DNRXYH0bA%40mail.gmail.com. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ECA81518-4C39-44D7-929E-3D8ECC699FA4%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
