by cm2187 2224 days ago
Does Elasticsearch have no authentication by default, like MongoDB, or did someone deliberately make it public?
2 comments

Fixed now, but this was a common sequence of events at one time: https://discuss.elastic.co/t/ransom-attack-on-elasticsearch-...
My god, it looks even worse than no security by default. It gives you a false sense of security, then unlocks behind your back when you are not watching.
No authentication by default.