Hacker News new | past | comments | ask | show | jobs | submit login

I meant querying the index from the frontend directly.



As in a publicly facing front end? If that's your case, you wouldn't ever want to expose Elasticsearch to your front end directly. If you have a private front end that is inside your firewall then just create HTTP requests to Elasticsearch - it has a RESTful API.

But querying from a publicly facing front end would be a poor idea - would you expose a database directly to the front end?


It is called Elasticsearch and not Elasticdatabase, at one point it sounded like good idea to jump on the nosql bandwagon.

It is a fantastic idea to call the index directly from the frontend and could be solved with a read only type of index or api key with read only scope.

The current design with an unnecessary security layer outside of Elasticsearch is a poor idea adding too much administrative overhead and ridiculous latency.


They have what you are looking for with their X-Pack Security addition, which requires a license, though under very favourable terms compared to others...


Hamburgers also don't have ham, you are missing the point.


I suggest checking out cloud.elastic.co if you want a way to securely query Elasticsearch directly from the browser without getting X-Pack




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: