[ https://issues.apache.org/jira/browse/HBASE-26160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wei-Chiu Chuang resolved HBASE-26160.
-------------------------------------
    Resolution: Fixed

Thank you, [~bbeaudreault] for contributing the patch.

> Configurable disallowlist for live editing of loglevels
> -------------------------------------------------------
>
>                 Key: HBASE-26160
>                 URL: https://issues.apache.org/jira/browse/HBASE-26160
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Bryan Beaudreault
>            Assignee: Bryan Beaudreault
>            Priority: Minor
>             Fix For: 2.5.0, 3.0.0-alpha-2, 2.4.6
>
>
> We currently use log4j/slf4j for audit logging in AccessController. This is
> convenient but presents a security/compliance risk because we allow
> live-editing of logLevels via the UI. One can simply set the logger to OFF
> and then perform actions un-audited.
> We should add a configuration for setting certain log levels to read-only

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
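
The read-only check the issue asks for, sketched as an added example; this is not the HBase patch or any project code. The class name, the comma-separated configuration value and the logger names are hypothetical and constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

/** Hypothetical guard placed in front of a live log-level editing endpoint. */
public class ReadOnlyLoggerGuard {
    private final List<String> readOnly;

    /** @param configured comma-separated protected logger names (assumed config format) */
    public ReadOnlyLoggerGuard(String configured) {
        this.readOnly = Arrays.stream(configured.split(","))
            .map(String::trim)
            .filter(s -> !s.isEmpty())
            .collect(Collectors.toList());
    }

    /** True when the logger is a protected name or a child of one in the dotted hierarchy. */
    public boolean isReadOnly(String logger) {
        String name = logger.trim();
        for (String p : readOnly) {
            // Match on the "." boundary so "audit.accessory" is not treated as "audit.access".
            if (name.equals(p) || name.startsWith(p + ".")) {
                return true;
            }
        }
        return false;
    }

    /** Call before applying a level; refuses loudly so the attempt itself can be logged. */
    public void checkLevelChange(String logger, String level) {
        if (isReadOnly(logger)) {
            throw new SecurityException(
                "log level of '" + logger + "' is read-only; refused change to " + level);
        }
    }

    public static void main(String[] args) {
        // Constructed sample configuration and edit requests.
        ReadOnlyLoggerGuard guard = new ReadOnlyLoggerGuard("audit.access, audit.auth");
        String[][] requests = {
            {"audit.access", "OFF"}, {"audit.access.rpc", "OFF"},
            {"audit.accessory", "DEBUG"}, {"app.storage", "DEBUG"},
        };
        for (String[] r : requests) {
            try {
                guard.checkLevelChange(r[0], r[1]);
                System.out.println("ALLOW  " + r[0] + " -> " + r[1]);
            } catch (SecurityException e) {
                System.out.println("DENY   " + e.getMessage());
            }
        }
    }
}
```

The guard covers only names at or below a protected entry, so each protected logger should also be given an explicit level in the logging configuration rather than inheriting one from an editable parent.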