|
|
|
|
|
|
by tastroder
2543 days ago
|
|
|
I'd be hard pressed for blaming them tbh. I think the reasoning is that these are internal services you should put behind whatever measures you have put in place anyway and not expose otherwise. While the previous comment is technically correct about being unsecure by default, they also don't listen to the outside world (see [1], network.host) by default. I've always thought that makes sense for elastic tbh, security isn't their core business so by leaving that part up to you they avoid screwing it up. [1] https://www.elastic.co/guide/en/elasticsearch/reference/curr... |
|
|
(just to pick an example I'm familiar with).