acka47
commented
5 years ago There might also be solutions to send authentification data with a HTTP request without others being able to intercept the user/password?
Open acka47 opened 5 years ago
acka47
commented
5 years ago There might also be solutions to send authentification data with a HTTP request without others being able to intercept the user/password?
dr0i
commented
5 years ago re search guard: this seems to do in principle the same as XPack. It needs SSL for the whole ES-cluster while this doesn't really make sense since the servers reside in a network of their own and are thus not directly accessible from outside. It would suffice to SSL kibana. So I would try to SSL kibana using apache, not via the SSL SafeGuard provides, which is in fact what your last comment suggested (where s#HTTP#HTTPS). But when I understand SearchGuard installation correctly this is not possible.
So, if we really want to use SearchGuard or XPack we can choose to have a downtime installing "into the blue" (meaning: can't say how much trouble there will be before everything is running smoothly again). Or we install a parallel cluster and switch smoothly.
My opinion is that the forcing of SSL at the plugin-side is dumb and will cost us lots of time.
Why not just use screenshots of kibana stats?
acka47
commented
5 years ago "Security for Elasticsearch [and Kibana] is now free": https://www.elastic.co/blog/security-for-elasticsearch-is-now-free
For https://github.com/lobid/lobid.github.com/issues/41, we need to be able to embed a Kibana visualization in a HTML page. There are different options to implement this: xpack (with many drawbacks), search guard.