Containers, or VMs are also a valid approach to limiting access and potential breaches.
Like all security, it's a multi-layered approach. Regards, Mark Walkom Infrastructure Engineer Campaign Monitor email: [email protected] web: www.campaignmonitor.com On 4 June 2014 19:57, [email protected] <[email protected]> wrote: > One very essential feature, from the very beginning, is that Elasticsearch > instances, when started, automatically form a cluster over the network. > > This is only possible in an open network environment and by having > multicast enabled. > > Are you aware, that by talking about "safe" configuration options "by > default", you no longer can expect Elasticsearch to form a cluster? And > that others would have to suffer from that? > > If you want security, you can not do this simply by adding "security > modules" or by "safe" configuration options: it's always the responsibility > and the awareness of the admin in person to run and maintain the software > in a protected environment. > > It is just ridiculous to read that running applications under superuser > privileges and allowing world-wide access over the internet to a host with > user applications need "safe configuration options by default" and > "unnecessary burden must be prevented". > > This is open source. Use the power of it. But do not blame others for your > personal mistakes. > > Jörg > > > > > On Wed, Jun 4, 2014 at 11:34 AM, 'Adolfo Rodriguez' via elasticsearch < > [email protected]> wrote: > >> >> *>>>>> ES with absolutely no security features* >> >> >>> *However, I think software should fit for purpose and delegate security >>> in other specialized programs.* >>> >> >> just to clarify, I think there is not need of any additional security >> modules but, I agree that, any configuration option must be safe by >> default. And if any additional module is provided, make it optional to >> prevent unnecessary burden >> >> -- >> You received this message because you are subscribed to the Google Groups >> "elasticsearch" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/elasticsearch/79a862e2-713b-4c05-821f-70f505a6ee60%40googlegroups.com >> <https://groups.google.com/d/msgid/elasticsearch/79a862e2-713b-4c05-821f-70f505a6ee60%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/CAKdsXoHhDcwQxuhMpjO%2BX0sGe9wkmRRhkqQDwWo5nZ-WWvh_-A%40mail.gmail.com > <https://groups.google.com/d/msgid/elasticsearch/CAKdsXoHhDcwQxuhMpjO%2BX0sGe9wkmRRhkqQDwWo5nZ-WWvh_-A%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEM624YjRikoQ4xdo05X1LNy3BSAiRbUmL1Mg5xw3qQTZJ%2Bcwg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
