[ https://issues.apache.org/jira/browse/HBASE-26160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17393941#comment-17393941 ]
Bryan Beaudreault commented on HBASE-26160:
-------------------------------------------
Done, thanks to you both for the reviews.
> Configurable disallowlist for live editing of loglevels
> -------------------------------------------------------
>
> Key: HBASE-26160
> URL: https://issues.apache.org/jira/browse/HBASE-26160
> Project: HBase
> Issue Type: Improvement
> Reporter: Bryan Beaudreault
> Assignee: Bryan Beaudreault
> Priority: Minor
> Fix For: 2.5.0, 3.0.0-alpha-2, 2.4.6
>
>
> We currently use log4j/slf4j for audit logging in AccessController. This is
> convenient but presents a security/compliance risk because we allow
> live-editing of logLevels via the UI. One can simply set the logger to OFF
> and then perform actions un-audited.
> We should add a configuration for setting certain log levels to read-only
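One way a read-only check could sit in front of a live log-level endpoint, as an added example that is not HBase's own code and not part of the original message. Class, method and logger names are hypothetical, and the check goes beyond the issue description by also refusing changes to ancestors of a protected logger, because a logger with no explicit level inherits its ancestor's.

```java
import java.util.List;
import java.util.Locale;

// Added example, not HBase code: class, method and logger names are hypothetical.
public class ReadOnlyLoggerGuard {
    private final List<String> readOnly;   // protected logger names / prefixes

    public ReadOnlyLoggerGuard(List<String> readOnly) {
        this.readOnly = List.copyOf(readOnly);
    }

    // a is the same logger as b, or a descendant of b in the dotted hierarchy.
    // Matching on "b." keeps "example.auditing" from matching "example.audit".
    private static boolean sameOrChild(String a, String b) {
        return a.equals(b) || a.startsWith(b + ".");
    }

    // The root logger is an ancestor of every logger; its name is "root" or ""
    // depending on the logging backend.
    private static boolean isRoot(String name) {
        return name.isEmpty() || name.toLowerCase(Locale.ROOT).equals("root");
    }

    /** Returns null if the change may proceed, otherwise the reason for refusal. */
    public String refusalReason(String requested) {
        String name = requested == null ? "" : requested.trim();
        for (String p : readOnly) {
            if (sameOrChild(name, p)) {
                return "logger '" + name + "' is read-only (matches '" + p + "')";
            }
            // Stricter than a plain prefix match: a level set on an ancestor is
            // inherited by a protected logger that has no explicit level.
            if (isRoot(name) || sameOrChild(p, name)) {
                return "logger '" + name + "' is an ancestor of read-only '" + p + "'";
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed configuration value and constructed requests.
        ReadOnlyLoggerGuard guard = new ReadOnlyLoggerGuard(List.of("example.audit"));
        String[] requests = { "example.audit", "example.audit.AccessController",
            "example.auditing", "example", "root", "example.regionserver" };
        for (String r : requests) {
            String reason = guard.refusalReason(r);
            System.out.println(r + " -> " + (reason == null ? "allowed" : "refused: " + reason));
        }
    }
}
```

A refused request should itself be written to the audit log, so that attempts to silence it leave a record.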