mhenke1 commented on issue #3174: Change log level dynamically (updated) URL: https://github.com/apache/incubator-openwhisk/pull/3174#issuecomment-356880064 @rabbah (as discussed off-line) ?The thread opened by this PR is that somebody would be able elevate the system log level for calls to OpenWhisk by passing the X-OW-EXTRA-LOGGING header to the controller and impede the performance of the system. This performance hit would be restricted by the rate limiting mechanisms and the limited number of system level logs, but could be notable nevertheless.? The risk of such an attack would be very low since it would require a change the configuration of nginx (which blocks passing the header) which could be easily mitigated by redeployment ?of the original configuration.?? In the light of the risk assessment I would like to go forward with the PR as is.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
