GET _snapshot 返回了secret 安全性大大降低

tencentyun / elasticsearch-repository-cos

The COS repository plugin adds support for using Tencent Cloud COS as a repository for Snapshot/Restore

Apache License 2.0

16 stars 15 forks source link

Open stoplyy opened 2 years ago

stoplyy commented 2 years ago

接口返回的信息，完全可以用来请求云服务的其他接口，至少能够获取到snapshot的全部内容，存在很大的安全风险