markt-asf commented on PR #993: URL: https://github.com/apache/tomcat/pull/993#issuecomment-4275543561
You are focussing on the wrong thing by considering malicious values being used for log manipulation. If the source is trusted then we only need to be concerned about configuration errors, not malicious values. If the source is malicious then it can do a lot more damage than log manipulation and there is no way to detect those malicious values or protect against that damage. Unless this PR takes account of the feedback in my previous comment, it is not going to be considered. Even if this PR does take acocunt of the feedback inmy previous comment, it may not be applied once the community considers the complexity it adds against the benefit it provides. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
