[docs][chore] warning for using localhost in security-best-practices #9444
I think this should be under the 'Safeguards against denial of service attacks' section.
I also don't think we should word it as a warning and make it seem like `localhost` is the right option to use: it is the right option to use for many use cases, even if there may be use cases where it's not the right thing to do.
Instead, we should state that if `localhost` resolves to something other than `127.0.0.1`/`::1`, you can use these explicitly instead
Will this be fine, @mx-psi?
@mx-psi this is stale from last week, could you please review this PR.
@Sanket-0510 Apologies, I likely won't have time to review until the end of the week
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #9444 +/- ##
==========================================
+ Coverage 90.70% 90.90% +0.20%
==========================================
Files 347 348 +1
Lines 18199 18382 +183
==========================================
+ Hits 16507 16710 +203
+ Misses 1369 1348 -21
- Partials 323 324 +1
☔ View full report in Codecov by Sentry.
[...]
I disagree that this is a 'best practice': this is an edge case and we should document it as an edge case.
This PR was marked stale due to lack of activity. It will be closed in 14 days.
I would just go with this for now. We can add more info in the future, but I think this is straight to the point and gives the minimal information needed
Co-authored-by: Pablo Baeyens <pbaeyens31+github@gmail.com>
Thanks for bearing with me on this and apologies for the delay in replying (I went on vacation for a couple weeks 😄). Let's go with this for now and see how people respond :)
No worries, I hope you had a great vacation 😊. Yes now this looks to the point and is short also. ✨✨
Description:
warning and alert for using localhost which might go under DNS resolution and end up with an unexpected IP, risking security.
Link to tracking Issue: #9338
Documentation: Added Warning and risk alert in https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md
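
A check for the edge case discussed in this thread, as an added example (not code from this PR or from the Collector): it resolves an endpoint's host and reports every address that falls outside loopback. The names `nonLoopback` and `lookupFunc` and the endpoint `localhost:4317` are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net"
)

// lookupFunc matches the signature of (*net.Resolver).LookupHost so that a
// fake resolver can be injected for offline checks (hypothetical helper type).
type lookupFunc func(ctx context.Context, host string) ([]string, error)

// nonLoopback resolves the host part of a "host:port" endpoint and returns
// every resolved address that is not a loopback address. An empty result
// means the name stays within 127.0.0.0/8 or ::1.
func nonLoopback(ctx context.Context, endpoint string, lookup lookupFunc) ([]string, error) {
	host, _, err := net.SplitHostPort(endpoint)
	if err != nil {
		return nil, fmt.Errorf("parse endpoint %q: %w", endpoint, err)
	}
	// A literal IP needs no resolution; judge it directly.
	addrs := []string{host}
	if net.ParseIP(host) == nil {
		if addrs, err = lookup(ctx, host); err != nil {
			return nil, fmt.Errorf("resolve %q: %w", host, err)
		}
	}
	var bad []string
	for _, a := range addrs {
		if ip := net.ParseIP(a); ip == nil || !ip.IsLoopback() {
			bad = append(bad, a)
		}
	}
	return bad, nil
}

func main() {
	// Constructed endpoint; the system resolver is used when run stand-alone.
	bad, err := nonLoopback(context.Background(), "localhost:4317", net.DefaultResolver.LookupHost)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	if len(bad) > 0 {
		fmt.Println("localhost resolves off-loopback:", bad, "- use 127.0.0.1 or ::1 explicitly")
		return
	}
	fmt.Println("localhost resolves only to loopback addresses")
}
```
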