[
https://issues.jboss.org/browse/WFLY-2637?page=com.atlassian.jira.plugin....
]
James Perkins commented on WFLY-2637:
-------------------------------------
Just a general comment so I don't forget, this whole thing should be looked at again.
Ideally we don't want to turn {{jboss.server.log.dir}} into a generic file server
directory for these commands. One option is to only allow defined file handlers' files to
be listed/read, but this poses security concerns.
Don't allow audit logs to be viewed with list-log-files and read-log-file operations
------------------------------------------------------------------------------------
Key: WFLY-2637
URL: https://issues.jboss.org/browse/WFLY-2637
Project: WildFly
Issue Type: Enhancement
Security Level: Public(Everyone can see)
Components: Logging
Reporter: James Perkins
Assignee: James Perkins
Currently the {{list-log-files}} and {{read-log-file}} operations will allow any file in
{{jboss.server.log.dir}} to be listed/viewed. Ideally only log files will be accessible,
but ultimately audit logs need to definitely not be accessible.
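One way to express the restriction discussed in this issue, as an added example that is not WildFly's code and not part of the original message: a read request is served only if it stays inside the log directory, names a file of a defined file handler, and is not an audit log. The class name `LogFileGuard`, the two name sets passed to it and the sample file names are assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.Set;
import java.util.stream.Collectors;

// Hypothetical guard (not WildFly code): may a requested name under the log dir be read?
public final class LogFileGuard {
    private final Path logDir;
    private final Set<Path> handlerFiles; // assumed input: files of configured file handlers
    private final Set<Path> auditFiles;   // assumed input: audit log files, never served

    public LogFileGuard(Path logDir, Set<String> handlerNames, Set<String> auditNames)
            throws IOException {
        this.logDir = logDir.toRealPath();
        this.handlerFiles = resolveAll(handlerNames);
        this.auditFiles = resolveAll(auditNames);
    }

    private Set<Path> resolveAll(Set<String> names) {
        return names.stream().map(n -> logDir.resolve(n).normalize())
                .collect(Collectors.toUnmodifiableSet());
    }

    public boolean isReadable(String requested) {
        try {
            Path p = logDir.resolve(requested).normalize();
            if (!p.startsWith(logDir)) return false;      // "../" or absolute path leaves the log dir
            if (auditFiles.contains(p)) return false;     // audit logs denied even if a handler lists them
            if (!handlerFiles.contains(p)) return false;  // not a defined file handler's file
            // A symlink inside the log dir must not point outside it or at an audit log.
            Path real = p.toRealPath();
            return real.startsWith(logDir) && !auditFiles.contains(real);
        } catch (IOException | InvalidPathException e) {
            return false;                                 // missing or malformed name: deny
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("logdir");   // constructed sample directory
        for (String f : new String[] {"server.log", "audit-log.log", "notes.txt"}) {
            Files.createFile(dir.resolve(f));
        }
        LogFileGuard guard = new LogFileGuard(dir,
                Set.of("server.log", "audit-log.log"), Set.of("audit-log.log"));
        for (String name : new String[] {"server.log", "audit-log.log", "notes.txt", "../server.log"}) {
            System.out.println(name + " -> " + guard.isReadable(name));
        }
    }
}
```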