Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document/warn about cardinality issue with attributes where input "comes from the user" #485

Open
joaopgrassi opened this issue Nov 2, 2023 · 1 comment
Assignees

Comments

@joaopgrassi
Copy link
Member

joaopgrassi commented Nov 2, 2023

During discussion about semconv and GDPR in #128, @pellared also brought the point that certain attributes are prone for metric cardinality issues.

Today, we don't have any guidance or recommendation about such danger. During the semconv wg meeting on 2023-11-31, it was discussed that it may be a good idea for us to add some text highlighting such issues so users are aware.

@trask
Copy link
Member

trask commented Nov 2, 2023

Today, we don't have any guidance or recommendation about such danger. During the semconv wg meeting on 2023-11031, it was discussed that it may be a good idea for us to add some text highlighting such issues so users are aware.

For users, we have (some) warnings about such danger, e.g.

> **Warning**
> Since this attribute is based on HTTP headers, opting in to it may allow an attacker
> to trigger cardinality limits, degrading the usefulness of the metric.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants