This is like configuring a Linux system with a user root/root. Of course, if someone has access to a root/admin user because the attacker knows the password, you are screwed. The shipped demo configuration is what it says, a configuration you can use to quickly set up a PoC or for testing purposes. Of course you should never use it on any production system!
···
On Friday, September 7, 2018 at 9:36:11 PM UTC+2, garino wrote:
I’m learning search-guard recently.
Is that possible?
When asking questions, please provide the following information:
Search Guard and Elasticsearch version
Installed and used enterprise modules, if any
JVM version and operating system version
Search Guard configuration files
Elasticsearch log messages on debug level
Other installed Elasticsearch or Kibana plugins, if any