jvz commented on issue #2100: URL: https://github.com/apache/logging-log4j2/issues/2100#issuecomment-1869806222
Yes, I covered that point in > Advanced methods of handling configuration (such as a refresh period for the config file, JMX remote management, or other remote methods for updating a config) must be protected by the programmer behind some form of authentication and authorization; it is beyond the scope of this library to hand wave away your identity solution or file permissions. Though I suppose JMX in general could use a warning about using it properly, especially once it's been extracted into a standalone module. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
