This is an automated email from the ASF dual-hosted git repository. pkarwasz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/logging-site.git
commit f76bab765ce3835c313d174141f8681ab3c2514c Author: Piotr P. Karwasz <[email protected]> AuthorDate: Wed Aug 13 14:55:14 2025 +0200 Apply suggestions from code review Co-authored-by: Volkan Yazıcı <[email protected]> --- _threat-model-common.adoc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/_threat-model-common.adoc b/_threat-model-common.adoc index 5bd58573..57c05f35 100644 --- a/_threat-model-common.adoc +++ b/_threat-model-common.adoc @@ -34,13 +34,13 @@ Apache Logging Services distinguishes two kinds of users: Trusted Users:: + Application developers and administrators are considered **trusted** users. -They have unrestricted access to all the features of the logging framework. +They have unrestricted access to all the features of the logging framework and the environment it is deployed to. Untrusted Users:: + All the other users are considered untrusted. -[#threat-common-assets] +[#threat-common-sources] == Data sources Logging systems read data from multiple sources that are controlled by both trusted and untrusted users: @@ -52,8 +52,7 @@ To keep them secure: ** It is up to the deployer to ensure that untrusted parties do not have write access to these resources. ** It is up to the deployer to ensure that these resources are transmitted through a confidential channel. ** Non-confidential channels such as HTTP or JMX are disabled by **default** to prevent their unintentional usage. -** If configuration files use interpolation features such as -https://logging.apache.org/log4j/2.x/manual/lookups.html[lookups], it is up to the deployer to ensure that only lookups from trusted sources are used. +** If configuration files use interpolation features (e.g., https://logging.apache.org/log4j/2.x/manual/lookups.html[Log4j Lookups]), it is up to the deployer to ensure that only trusted sources are read. It is up to the programmer to document thread context keys that can be considered as trusted. * The logging frameworks **trust** that the objects passed to the log statements can be safely converted to strings:
