[jboss-jira] [JBoss JIRA] (WFLY-3222) Add access logging to managment web server
Brian Stansberry (JIRA)
issues at jboss.org
Mon Apr 7 14:48:13 EDT 2014
[ https://issues.jboss.org/browse/WFLY-3222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12959880#comment-12959880 ]
Brian Stansberry commented on WFLY-3222:
----------------------------------------
There needs to be a discussion here or on the dev list showing exactly what will be logged before this proceeds. There's a clear overlap with audit logging, and those need to be distinct or we need to ensure there is unified configuration with this and the audit log such that people who think they have locked down the data in the audit log don't find that it's all leaked out via a separately configured access log.
My primary concern: management resource addresses are potentially sensitive data.
> Add access logging to managment web server
> ------------------------------------------
>
> Key: WFLY-3222
> URL: https://issues.jboss.org/browse/WFLY-3222
> Project: WildFly
> Issue Type: Sub-task
> Security Level: Public(Everyone can see)
> Components: Domain Management
> Affects Versions: 8.0.0.Final
> Reporter: Tomaz Cerar
> Assignee: Tomaz Cerar
>
> It should be possible to configure access log for management web server.
> so we could have access log for management calls with IPs from where they came.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list