ashb opened a new pull request, #67904:
URL: https://github.com/apache/airflow/pull/67904

   Trace propagation is a useful tool to let us trace execution across distributed
   systems -- exactly what we have with the API server and the workers. We
   already propagated the trace context all the way from the task code in #66151,
   this continues it to any spans emitted on the API server side.
   
   The mode of trace propagation is set to "only-authenticated" by default to
   defend against data pollution (i.e. it's not a security risk):
   
   - Sampling-flag manipulation: they set the sampled flag (`-01` trailer) on
     every request to force your tracing backend to record all their
     reconnaissance/probe traffic. If you pay per ingested span or have
     constrained trace storage, this has a real cost.
   - Trace ID pollution: attacker-controlled trace IDs appear in your backend.
     With 128-bit random IDs, collision with a legitimate trace is negligible,
     but it clutters dashboards.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

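A sketch of what an "only-authenticated" propagation policy does with an incoming trace header, added here as an illustration and not taken from the pull request or from Airflow's code. It assumes the W3C Trace Context `traceparent` header format (which the `-01` sampled trailer in the description matches); `parse_traceparent`, `resolve_context` and `SpanContext` are hypothetical names.

```python
import re
import secrets
from typing import NamedTuple, Optional

# Assumed format: W3C Trace Context version 00, "version-traceid-parentid-flags".
_TRACEPARENT = re.compile(r"00-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2})")


class SpanContext(NamedTuple):
    trace_id: str
    parent_id: Optional[str]  # None when the server starts a new root trace
    sampled: bool
    inherited: bool           # True only if the caller's context was honoured


def parse_traceparent(header: Optional[str]):
    """Return (trace_id, parent_id, sampled), or None if missing or malformed."""
    if not header:
        return None
    m = _TRACEPARENT.fullmatch(header.strip())
    if m is None:
        return None
    trace_id, parent_id, flags = m.groups()
    # All-zero trace or parent IDs are invalid in the W3C format.
    if set(trace_id) == {"0"} or set(parent_id) == {"0"}:
        return None
    return trace_id, parent_id, bool(int(flags, 16) & 0x01)


def resolve_context(header, authenticated, local_sample=False) -> SpanContext:
    """Honour the caller's trace ID and sampled flag only when authenticated."""
    parsed = parse_traceparent(header)
    if parsed is not None and authenticated:
        trace_id, parent_id, sampled = parsed
        return SpanContext(trace_id, parent_id, sampled, True)
    # Unauthenticated or malformed header: ignore it entirely. The server picks
    # a fresh trace ID and makes its own sampling decision, so a caller cannot
    # force span ingestion or place chosen trace IDs in the backend.
    return SpanContext(secrets.token_hex(16), None, local_sample, False)


# Constructed sample header with the sampled flag (-01) set.
SAMPLE = "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"

if __name__ == "__main__":
    print(resolve_context(SAMPLE, authenticated=True))
    print(resolve_context(SAMPLE, authenticated=False))
```
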