If one gets a node certificate and the keystore password, it can be possible to boot a node, connect to the cluster and get the data.
So the node certificates and the password need to be kept secure (for example, by leveraging Unix file permissions). To avoid plaintext passwords in config files, you can use environment variables.
But luckily there is one additional TLS feature which can help here: hostname validation.
If this is enabled (which is the default), an attacker has to assign the hostname of the certificate to the hostile machine, which is hard in a corporate network because you normally need access to the DNS server to do this.
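An added example, not part of the original post or of Search Guard's code: a small audit of the three controls mentioned above (keystore file permissions, no plaintext keystore password, hostname verification left on). The `searchguard.ssl.transport.*` setting names, the `${VAR}` substitution syntax, the config-relative keystore path and the sample file names are assumptions that the post itself does not state.

```python
import os
import re
import stat
import tempfile

# Assumed Search Guard transport-TLS setting names (not quoted in the post).
KS_KEY = "searchguard.ssl.transport.keystore_filepath"
PW_KEY = "searchguard.ssl.transport.keystore_password"
HV_KEY = "searchguard.ssl.transport.enforce_hostname_verification"

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines as used in elasticsearch.yml (no nesting)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings

def audit(settings, config_dir):
    """Return a list of findings for the controls named in the post."""
    findings = []
    pw = settings.get(PW_KEY, "")
    # A literal value is a plaintext password; ${VAR} defers to the environment.
    if pw and not re.fullmatch(r"\$\{[A-Za-z_][A-Za-z0-9_.]*\}", pw):
        findings.append("plaintext-keystore-password")
    # Verification is on by default, so only an explicit non-true value is flagged.
    if settings.get(HV_KEY, "true").lower() != "true":
        findings.append("hostname-verification-disabled")
    ks = settings.get(KS_KEY)
    if ks:  # assumption: path is relative to the config directory
        mode = stat.S_IMODE(os.stat(os.path.join(config_dir, ks)).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("keystore-readable-by-group-or-other")
    return findings

def demo():
    """Audit a constructed weak config, then a hardened one, in a temp dir."""
    weak_cfg = f"# constructed sample\n{KS_KEY}: node-0.jks\n{PW_KEY}: changeit\n{HV_KEY}: false\n"
    good_cfg = f"{KS_KEY}: node-0.jks\n{PW_KEY}: ${{KS_PASS}}\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "node-0.jks")
        open(path, "wb").close()
        os.chmod(path, 0o644)
        weak = audit(parse_flat_yaml(weak_cfg), d)
        os.chmod(path, 0o600)
        hardened = audit(parse_flat_yaml(good_cfg), d)
    return weak, hardened

if __name__ == "__main__":
    print(demo())
```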