Don't include query parameters as part of the "http.url" span attribute
(Discussion moved from https://github.com/census-instrumentation/opencensus-python/pull/725)
At the moment, the http.url attribute of an HTTP request span contains the full URL with query parameters (https://github.com/census-instrumentation/opencensus-specs/blob/master/trace/HTTP.md#attributes).
This is not ideal, because in a lot of scenarios, query parameters can contain sensitive data.
Things such as API keys, tokens, secrets, etc. That's a fairly common pattern when integrating with various webhook-like services which don't allow information such as secrets / tokens to be sent via HTTP headers, so they are sent using query parameters.
It's also a fairly common pattern (for better or worse) when authenticating with various APIs.
Because of that, I propose removing the query parameters part from the http.url span attribute.
To solve for a scenario where query parameters don't contain sensitive data (aka explicit opt-in or similar by a developer on the library level), we would add a new http.query_params or similar attribute which is optional.
In zipkin we solve this by not including url as a default tag, instead http.path.
On the other hand, it would be surprising to have url not include the full url.
On Wed, Jul 24, 2019, 5:22 AM Tomaz Muraus [email protected] wrote:
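The proposal in this issue, sketched as an added example (not code from OpenCensus, Zipkin, or either commenter): build the span attributes from a URL so that http.url carries no query string, and emit query parameters only when the developer opts in. The function name, the allow-list parameter, and the sample URL are assumptions; http.query_params is only the name suggested in the issue, not an existing spec attribute.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def http_span_attributes(url, allowed_query_params=()):
    """Return span attributes for an HTTP request without leaking the query string.

    allowed_query_params is a hypothetical opt-in allow-list: only keys named
    here are recorded, under the attribute name proposed in the issue.
    """
    parts = urlsplit(url)

    attrs = {
        # Rebuild the URL with an empty query component.
        "http.url": urlunsplit(
            (parts.scheme, parts.netloc, parts.path, "", parts.fragment)
        ),
        # The path-only tag mentioned in the Zipkin reply.
        "http.path": parts.path or "/",
    }

    # Opt-in: keep only explicitly allow-listed keys (exact match), so an
    # unexpected "token" or "api_key" parameter is dropped by default.
    allowed = set(allowed_query_params)
    kept = [
        (key, value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
        if key in allowed
    ]
    if kept:
        attrs["http.query_params"] = urlencode(kept)
    return attrs


# Constructed sample: a webhook-style URL carrying secrets in the query string.
SAMPLE_URL = (
    "https://hooks.example.com/v1/notify"
    "?token=s3cr3t-value&page=2&api_key=abc123"
)

if __name__ == "__main__":
    print(http_span_attributes(SAMPLE_URL))
    print(http_span_attributes(SAMPLE_URL, allowed_query_params=("page",)))
```
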