Disable script access to _source by default #17558
Comments
I was against this when I read the title but I'm ok with it if we make it enable-able with a dynamic setting. _source is genuinely useful but really slow. It'd be nice to document exactly why when we write the docs for the dynamic setting. Maybe this is a thing we should enable on the request instead? It feels like a dynamic setting is too broad. Like, when I ran _source things at WMF I really only ran them on a handful of requests. All hand written, all ones I was willing to wait for. OTOH allowing anyone to override it feels funky. If core ES had users and permissions I'd say "this should be a permission a user has". Point of clarification: this only applies to searches. It'll be ok by default to put it in
Think of this from the viewpoint of the sysadmin who wants to protect their cluster from abuse by users. Like the other safeguards, this would be a setting the sysadmin could use to turn slow/dangerous stuff off
This has been done in Painless. Closing
Accessing the _source field within a script is very slow and can hurt a cluster's performance. That said, it can be a useful way of accessing some not-indexed value for one-off uses without having to reindex.

As a safeguard, let's disable script access to _source by default (other than update/reindex scripts, obviously) and allow the user to re-enable access with a dynamic index setting.