You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2018/01/11 09:41:53 UTC

[GitHub] mhenke1 commented on issue #3174: Change log level dynamically (updated)

mhenke1 commented on issue #3174: Change log level dynamically (updated)
URL: https://github.com/apache/incubator-openwhisk/pull/3174#issuecomment-356880064
 
 
   @rabbah (as discussed off-line)
   ?The thread opened by this PR is that somebody would be able elevate the system log level for calls to OpenWhisk by passing the X-OW-EXTRA-LOGGING header to the controller and impede the performance of the system.
   This performance hit would be restricted by the rate limiting mechanisms and the limited number 
   of system level logs, but could be notable nevertheless.?
   
   The risk of such an attack would be very low since it would require a change the configuration of 
   nginx (which blocks passing the header) which could be easily mitigated by redeployment  ?of the original configuration.??
   
   In the light of the risk assessment I would like to go forward with the PR as is.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services