Security Tradeoffs in Elasticsearch
The NoSQL ecosystem thrived on combining scalability and simplicity. This talk focuses on some of the assumptions we built Elasticsearch on, which helped ease of use initially but turned out to be less than perfect for security in the long run:
- Binding to all interfaces and broadcasting join requests to the whole subnet makes clustering simple.
- Running as root is the straightforward option.
- Guessing the content-type of a request is fine.
- Default passwords and clear-text password files are a reasonable tradeoff.
- Docker and distributed systems play well with your security efforts.
- Generating TLS certificates is easy.
- Everyone will turn on security and defaults are easy.
Hypothesis: You need ease of use to grow initially, but you have to switch to more secure settings for critical workloads over time.