You can write a Java app to authorize access with JAAS and use a SOCKS proxy to connect to an ES cluster in a private subnet. That is all a matter of network configuration, there is nothing that requires the effort of an extra ES plugin.
Jörg On Wed, Aug 13, 2014 at 3:38 PM, John Smith <java.dev....@gmail.com> wrote: > Hi I have been looking at the various transport plugins. Correct me if I > am wrong but those are for the http rest interface... Can plugins be > written for the node transport? > > Bassically this leads to securing ES. My ES is definitely not public and I > know i can use reverse proxies or one of the http plugins... But what about > client/programs connecting directly as nodes? > > Bassically I need user auth and some form of acl. SSL is secondary. Also > need to be able to audit the user access. Dealing with credit card data. So > I need to know 100% who is accessing the data. > > So... > What are some good steps to secure my ES cluster!? > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to elasticsearch+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/1ef17a07-bd72-4eee-a6b9-93ff8d0e7980%40googlegroups.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAKdsXoF4QuX1OjHeiUOe-7VScPAGvjwB0MTWZnD6SE4nLCBS4g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.