Comments (3)
Pinging @elastic/es-security (Team:Security)
from elasticsearch.
@howardhuanghua Thank you for raising this issue.
In order to investigate this further can you please share the details of the setup you've been using?
Details such as the ES configuration, deployment details, and details on the load generator.
Hi @albertzaharovits, we can use a lower-pressure load test to reproduce it by adding some wrong-password auth requests.
- Create a 3-node ES cluster with x-pack security enabled in 8.11.
xpack.security.authc.reserved_realm.enabled: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/ces-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/ces-certificates.p12
xpack.security.transport.ssl.verification_mode: certificate
Single node with 4 cores, 16GB memory, JVM heap 8GB.
- Start two bulk pressure test processors. The first one uses the right auth info, the second one uses a wrong password.
The first test processor ran with single-thread concurrency for 5 mins; result metrics:
Requests/sec: 2.01
Request Traffic/sec: 3.64MB
Total Transfer/sec: 7.65MB
Avg Req Time: 498.33887ms
Fastest Request: 263.07976ms
Slowest Request: 657.623901ms
Number of Errors: 0
Number of Invalid: 0
Status 200: 602
[Estimated Server Metrics]
Requests/sec: 2.36
Transfer/sec: 9.01MB
Avg Req Time: 423.049417ms
The second test processor ran with two-thread concurrency for 5 mins; result metrics:
Requests/sec: 11.39
Request Traffic/sec: 20.68MB
Total Transfer/sec: 20.68MB
Avg Req Time: 87.770626ms
Fastest Request: 78.9918ms
Slowest Request: 249.787704ms
Number of Errors: 0
Number of Invalid: 0
Status 401: 3418
[Estimated Server Metrics]
Requests/sec: 20.75
Transfer/sec: 37.67MB
Avg Req Time: 96.373208ms
It's easy to reproduce in a lower-load pressure test with wrong auth requests.
In a production environment, some security attacks can severely impact the performance of an ES server if there are a large number of incorrect password requests.
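A defender-side check for the pattern reproduced in this comment, added here as an example (it is not part of the issue thread or of Elasticsearch itself): it reads Elasticsearch JSON audit log records, counts authentication_failed events per source address in a sliding window, and reports sources over a threshold, so a flood of wrong-password requests can be spotted and blocked upstream before it loads the cluster. The sample records are constructed; the field names (event.action, origin.address, timestamp) follow the ES audit log format, and the threshold and window values are arbitrary choices.

```python
"""Flag sources that burst failed authentications in Elasticsearch audit logs."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta


def audit_line(action, addr, ts, user="elastic"):
    """Build one CONSTRUCTED record in the shape of the ES JSON audit log."""
    return json.dumps({"type": "audit", "timestamp": ts, "event.type": "rest",
                       "event.action": action, "origin.address": addr,
                       "user.name": user, "url.path": "/_bulk"})


# Constructed sample: one client hammering wrong passwords, one legitimate
# client that authenticates successfully, one client with two widely spaced
# failures (e.g. a typo) that should not be flagged.
SAMPLE_AUDIT_LINES = [
    *[audit_line("authentication_failed", f"10.0.0.5:5{i}000",
                 f"2024-03-01T10:00:{5 * i:02d},000+0000") for i in range(6)],
    audit_line("authentication_success", "10.0.0.7:40000",
               "2024-03-01T10:00:12,000+0000"),
    audit_line("authentication_failed", "10.0.0.9:41000",
               "2024-03-01T10:00:20,000+0000"),
    audit_line("authentication_failed", "10.0.0.9:41001",
               "2024-03-01T10:06:00,000+0000"),
]


def parse_ts(ts):
    """ES audit timestamps use a comma before the millis and a numeric offset."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S,%f%z")


def failed_auth_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: peak failures within `window`} for sources >= threshold.

    Assumes lines are in time order (as the audit logger writes them). Only
    authentication_failed events count; the port is dropped so retries from
    changing ephemeral ports aggregate under one source address.
    """
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for line in lines:
        ev = json.loads(line)
        if ev.get("event.action") != "authentication_failed":
            continue
        ip = ev["origin.address"].rsplit(":", 1)[0]
        ts = parse_ts(ev["timestamp"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # evict failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    print(failed_auth_bursts(SAMPLE_AUDIT_LINES))  # {'10.0.0.5': 6}
```

In a real deployment the audit log file (or an ingest pipeline reading it) would be fed to failed_auth_bursts and the flagged sources rate-limited or blocked at the proxy in front of the cluster.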