Datadog has a security footgun
(sheriffcranky.substack.com)
I mean sure but that’s a lot of words to say “I didn’t read the directions and no one caught it in a merge request review because no one else read the directions either.”
Their documentation and examples are pretty easy to read, and the site parameter is explained in the getting started guide and even linked from the README for the JavaScript SDK and in lots of sample configurations, so I’m not sure how this made it into a release and then no one noticed the missing metrics for eleven days. Sounds like lots of issues in that shop.
The behavior of the SDK isn’t great, but the proposed solution wouldn’t work because you can use custom endpoints for all of the components using endpoints on domains you own anyway.
Not sure what you're referring to by "custom endpoints" - if you are a normal Datadog RUM user you can only ever send data to one of the several "sites". There's nothing customizable.
That is what I’m saying, that SDK covers more than just normal users.
So what part of the proposed solutions "wouldn't work"?