inherit
187084
0
Nov 25, 2020 14:16:15 GMT -8
caramcc
3
December 2012
caramcc
|
Post by caramcc on Apr 14, 2019 8:46:52 GMT -8
Is there any functionality to add "plugin key modified" event to the forum Security Log? I noticed that if the value of a plugin associated with a post is modified, e.g., from the javascript console, nothing is captured in the security log. Since this is a CRUD action associated with a logged-in user it seems like it should be logged.
(Posted this here rather than in the plugin forum because it relates to the security log and not plugin development, sorry in advance if that isn't right.)
|
|
inherit
29252
0
Sept 6, 2012 15:46:49 GMT -8
Derek‽
28,655
August 2004
kajiaisu
|
Post by Derek‽ on Apr 14, 2019 11:27:35 GMT -8
Plugin key value changes aren’t tracked by the security log. Changes to plugin settings in the ACP are recorded, but not individual keys.
As such, no, it’s not possible for a plugin developer to add an event to the security log. Only the backend forum software has any control over what appears in the log for the purpose of maintaining integrity, and those actions are limited to a standard, fixed scope.
There’s a fair argument for allowing it, I suppose, but I don’t know if PB feels comfortable opening up manipulation of the log to plugin development, even if it’s just to add entries. Perhaps v6 will bring such a change.
|
|
Kami
Forum Cat
Posts: 40,029
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,029
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Apr 14, 2019 11:59:02 GMT -8
For whatever it's worth, plugins as a whole can't affect anything in the admin panel's functionality, regardless of function. Plugins are only able to affect the forum proper.
That said, perhaps PB will be willing to consider adding to the logged actions of a forum to include plugin key modifications, rather than allowing plugin developers access to manipulate the log itself (since, historically, requests to allow the manipulation of the security log have been declined). The one thing I can see however is security log overload; if, for example, a super key's changes are being logged, that's (potentially) a lot of people overwriting that super key on a regular basis. I don't know what sort of resource requirements the security log has, but that could be a potential drawback.
|
|
inherit
187084
0
Nov 25, 2020 14:16:15 GMT -8
caramcc
3
December 2012
caramcc
|
Post by caramcc on Apr 15, 2019 15:31:47 GMT -8
Thanks for your responses.
Yes, my interest is less in having a plugin modify the security log itself and rather having updates/deletes get optionally recorded to the security log. If it were toggle-able for a given plugin key (i.e. so developers/admins could enable logging for low-volume keys) that would be even better.
I suppose this is more of a feature request, then. Generically being able to ship events to the security log would be even better but doesn't seem as feasible.
|
|
Kami
Forum Cat
Posts: 40,029
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,029
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Apr 15, 2019 15:50:11 GMT -8
Thanks for your responses. Yes, my interest is less in having a plugin modify the security log itself and rather having updates/deletes get optionally recorded to the security log. If it were toggle-able for a given plugin key (i.e. so developers/admins could enable logging for low-volume keys) that would be even better. I suppose this is more of a feature request, then. Generically being able to ship events to the security log would be even better but doesn't seem as feasible. It looks like this thread has been labelled as a feature request! \o/ As a note: feature requests aren't guaranteed to be delivered but it is at least something that PB is willing to consider implementing, pending time, resources, and feasibility (:
|
|