Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add db.statement sanitization/masking examples #708

Closed
mateuszrzeszutek opened this issue Oct 19, 2020 · 4 comments
Closed

Add db.statement sanitization/masking examples #708

mateuszrzeszutek opened this issue Oct 19, 2020 · 4 comments
Assignees
@jsuereth

Comments

@mateuszrzeszutek
Copy link
Member

What are you trying to achieve?

The trace DB spec mentions that the db.statement attribute value may be sanitized to exclude sensitive information but provides no example of such sanitization.
The aim of this issue is to add several examples of how we should sanitize database statements, e.g. INSERT INTO payment_cards (CC, EXP_DATE) values (?, ?) for SQL or HMSET cards cc ? exp_date ? for Redis.

Additional context.

See: open-telemetry/opentelemetry-java-instrumentation#1405
@mateuszrzeszutek mateuszrzeszutek mentioned this issue Oct 19, 2020
Merged
@Oberon00
Copy link
Member

Oberon00 commented Oct 19, 2020
edited
Loading

The given examples (if they actually contain ? instead of the actual values) need no sanitization I think.

@mateuszrzeszutek
Copy link
Member Author

Yeah, those are after sanitization. Let me correct myself, I meant something like that:

raw db.statement sanitized db.statement
INSERT INTO payment_cards (CC, EXP_DATE) values (1234432112344321, '10/2025') INSERT INTO payment_cards (CC, EXP_DATE) values (?, ?)
HMSET cards cc 1234432112344321 exp_date '10/2025'? HMSET cards cc ? exp_date ?

@avzis avzis mentioned this issue Jan 15, 2023
Closed
@avzis
Copy link
Contributor

avzis commented Jan 15, 2023

@mateuszrzeszutek
I think that in order to add specific examples, the specs should also better describe the format of the sanitization.
Like, what data need sanitization?
How to display sanitized data?
etc

(maybe it requires a dedicated issue)

@avzis avzis mentioned this issue Feb 7, 2024
Closed
@lmolkova lmolkova mentioned this issue Apr 3, 2024
Open
@arielvalentin arielvalentin mentioned this issue Oct 4, 2023
Merged
@jack-berg jack-berg transferred this issue from open-telemetry/opentelemetry-specification Feb 7, 2024
joaopgrassi pushed a commit to dynatrace-oss-contrib/semantic-conventions that referenced this issue Mar 21, 2024
@MrAlias
Unify the batch span processor parameters (open-telemetry#708)
2126c4b 
The parameter `maxExportBatchSize` refers to "export", but
`exporterTimeoutMillis` refers to the "exporter." This unifies on
"export" since they are both in reference to the same process.
@trask
Copy link
Member

trask commented Apr 24, 2024

Rolling this issue into #717

@trask trask closed this as completed Apr 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsuereth jsuereth

Labels
None yet
Projects
Database Client Semantic Conventions
Status: Done
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jsuereth @trask @Oberon00 @mateuszrzeszutek @avzis