-
Notifications
You must be signed in to change notification settings - Fork 896
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change db.statement
to only be collected if there is sanitization
#3127
Conversation
…rity vulnerabilities.
…metry-specification into sanitize_query_by_default
# Conflicts: # CHANGELOG.md
@avzis I think this looks good.. I had my approve but then saw it's still in draft. Do you want to do more changes? |
This PR can stop being a draft btw (unless you plan to add more content, as Joao mentioned). That way you should way more reviews ;) |
db.statement
to only be collected if there is sanitization
@trask I will merge this and make it part of the April release, unless you think we should hold it for be May one. Let me know what you think. |
👍 |
Relocate the changelog for #3127.
Relocate the changelog for open-telemetry#3127.
Add a recommendation to disable DB_STATEMENT by default.
Fixes #3104
Changes
Currently DB_STATEMENT parameter is collecting the full query that is being made to a DB.
I suggest disabling this attribute by default, and giving users the option to opt-in into logging it.
It is also possible to give users a way to supply a sanitization function, in order to display only specific information.