[DISCUSS] Elasticsearch data access layer #24861
Labels: discuss; Team:Core (Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc); Team:Security (Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!)
Problem definition
Kibana in general and Kibana management features in particular make heavy use of CRUD calls to Elasticsearch. Kibana serves as a proxy for ES, providing search functionality generally, but other APIs are on a per-instance basis. This secures ES while placing a burden on Kibana developers; however, there's no stated set of security concerns, so compliance is unclear.
Proposed solution
Develop a statement that outlines security concerns in detail.
Create a data access layer that centralizes ES access. It would be nice to have a central whitelist of URLs and methods.
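One way the central list of URLs and methods proposed above could look, as an added example that is not part of the original issue and is not Kibana's code. The rule entries, the parameter policy and the function names (`normalizePath`, `matchRule`, `isAllowed`) are assumptions made for illustration.

```javascript
// Deny-by-default allowlist for a layer that proxies requests to Elasticsearch.
// Constructed rule set: each entry names the HTTP methods permitted for one path shape.
const ALLOWED = [
  { methods: ['GET', 'POST'], path: '/:index/_search' },
  { methods: ['GET'], path: '/_cat/indices' },
  { methods: ['GET', 'PUT', 'DELETE'], path: '/_ingest/pipeline/:id' },
];

// Assumed policy for path parameters: a single plain name. This excludes
// wildcards, comma lists, and names starting with '_', '.' or '-'
// (so '_all' and dot-prefixed indices cannot be reached through a parameter).
const PARAM = /^[a-z0-9][a-z0-9._-]*$/;

// Split a path into segments, rejecting anything ambiguous instead of repairing it.
// Query strings are expected to be passed separately, so '?' is refused here.
function normalizePath(rawPath) {
  if (typeof rawPath !== 'string' || !rawPath.startsWith('/')) return null;
  if (/[%?#\\]/.test(rawPath)) return null; // encoded bytes, query, fragment, backslash
  const segments = rawPath.slice(1).split('/');
  if (segments.some((s) => s === '' || s === '.' || s === '..')) return null;
  return segments;
}

// A rule matches only when every segment is either the exact literal
// or a parameter value that satisfies PARAM.
function matchRule(rule, segments) {
  const pattern = rule.path.slice(1).split('/');
  if (pattern.length !== segments.length) return false;
  return pattern.every((p, i) =>
    p.startsWith(':') ? PARAM.test(segments[i]) : p === segments[i]
  );
}

// Single decision point: every call to Elasticsearch goes through this check.
function isAllowed(method, rawPath) {
  if (typeof method !== 'string') return false;
  const segments = normalizePath(rawPath);
  if (segments === null) return false;
  const verb = method.toUpperCase();
  return ALLOWED.some(
    (rule) => rule.methods.includes(verb) && matchRule(rule, segments)
  );
}
```

Keeping the rules in one table gives reviewers a single place to audit which Elasticsearch endpoints are reachable and with which methods.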