by jfindley 2651 days ago
No. Plain text user passwords should never, in any circumstances, be entered into a search engine (which is what elasticsearch is). There is simply no possible excuse for this. There is no way this is elastic.co's fault, this is entirely on Elsevier.

You're right, but it is easy to do by accident. Log a stacktrace that includes some function arguments, and one of them is the password...

Now, it's possible to avoid this, but it's hard to avoid this completely in a complicated system.

I agree that the passwords should not be logged in any circumstances (if I had to guess, I might suspect that disk log files were ingested straight to elasticsearch), but I don't think this invalidates my argument that elasticsearch out of the box is not suitable for any data you intend to not share with the world.
There is a separate thread about security best practice learning that touches on the question of whether the rote security knowledge we pass on is making it more likely that someone logs a password. I think a discussion around logging habits is much more relevant and while elasticsearch may have _also_ been misconfigured, pumping passwords into an internally viewable log file is a bad idea even if that file is well secured.
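The two failure modes raised in this thread (a stack trace that prints function arguments, and a log line that carries a password into a file later shipped to a search index) and a defence for each, as an added Python example that is not from any of the commenters. The `Secret` wrapper, the `authenticate` stand-in, the `RedactPasswords` filter and the sample log lines are all constructed for illustration; the first defence keeps the value out of any `repr()`-based dump, the second scrubs `password=`-style fragments from whatever still reaches a log handler.

```python
import io
import logging
import re
import traceback


def format_with_locals(exc: BaseException) -> str:
    """Render an exception the way a verbose error reporter does: every frame
    followed by the repr() of its local variables. This is the path by which
    a plain-string password ends up in a log file."""
    te = traceback.TracebackException.from_exception(exc, capture_locals=True)
    return "".join(te.format())


class Secret:
    """Defence 1 (constructed wrapper): the value is only reachable through
    reveal(), so str()/repr()/f-strings and captured locals show a placeholder."""
    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "Secret('****')"

    __str__ = __repr__


def authenticate(username: str, password) -> bool:
    # Constructed stand-in for a backend call that fails part-way through.
    raise RuntimeError("backend unavailable")


def capture_failure(username: str, password) -> str:
    """Call authenticate() and return the verbose trace an error reporter
    would have logged. With a str password the trace contains it; with a
    Secret it contains only the placeholder."""
    try:
        authenticate(username, password)
    except RuntimeError as exc:
        return format_with_locals(exc)
    return ""


class RedactPasswords(logging.Filter):
    """Defence 2 (constructed backstop): scrub password-bearing fragments such
    as password=..., password: ... or 'password': '...' from the message and
    from any attached exception text before a handler writes them out."""
    _pat = re.compile(
        r"(password['\"]?\s*[=:]\s*)(['\"]?)([^'\"\s,}]+)(\2)", re.IGNORECASE
    )

    def _scrub(self, text: str) -> str:
        return self._pat.sub(r"\1\2****\4", text)

    def filter(self, record: logging.LogRecord) -> bool:
        # Resolve %-formatting first so arguments are scrubbed too.
        record.msg = self._scrub(record.getMessage())
        record.args = ()
        if record.exc_info and not record.exc_text:
            # Pre-render the traceback so the formatter uses the scrubbed text.
            rendered = "".join(traceback.format_exception(*record.exc_info))
            record.exc_text = self._scrub(rendered)
        return True


def redacted_log_line(message: str) -> str:
    """Route one message through a logger wearing the filter and return what
    would have been written to the log file."""
    buf = io.StringIO()
    logger = logging.getLogger("demo.redact")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactPasswords())
    logger.addHandler(handler)
    logger.info(message)
    handler.flush()
    return buf.getvalue()


if __name__ == "__main__":
    print(capture_failure("alice", "hunter2"))           # trace shows 'hunter2'
    print(capture_failure("alice", Secret("hunter2")))   # trace shows Secret('****')
    print(redacted_log_line("login failed for alice password=hunter2"))
```

The wrapper is the real fix: it removes the value from every generic dump (tracebacks with locals, `vars()`, debug pages, pretty-printers) without each call site having to remember to redact. The regex filter only catches fragments that look like a password assignment, so it belongs at the handler as a last line of defence rather than as the mechanism anyone relies on.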