This is like configuring a Linux system with a user root/root. Of course, if someone has access to a root/admin user because the attacker knows the password, you are screwed. The shipped demo configuration is what it says, a configuration you can use to quickly set up a PoC or for testing purposes. Of course you should never use it on any production system!
On Friday, September 7, 2018 at 9:36:11 PM UTC+2, garino wrote:
I’m learning search-guard recently.
Is that possible?
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any