node-cassandra-cql: support for prepared statements #167
Conversation
|
Hi @asilvas, Sorry we hadn't commented sooner :(. I've reviewed the change, and although it's small it introduces a hairy security issue we haven't yet tackled in the Node.js agent: reporting query statements. We work very hard in other agents to obfuscate any sensitive data before reporting it, and we simply aren't ready to tackle this issue for the Node.js agent yet. Can you follow up with a request of what problem you are trying to solve with this information? We can then work to track it as a feature request internally. Thanks! |
|
These are prepared statements, not full cql statements with variables. This is the rough equivalent of stored procedures. Where the security concern? It's to track where time is spent. Again, same as with a stored proc. |
|
The issue is that instead of using the "parameters" argument to queries, some people may simply construct query strings with sensitive data in them directly. It takes a lot of effort to ensure we completely strip out any parameters from query statements, and many of our customers consider this extremely important to them. I'll make sure this gets tracked as a feature request. Thanks! |
|
As of today, we have added support for viewing slow queries out of the Node.js agent in New Relic. You can see the complete release notes here: https://docs.newrelic.com/docs/release-notes/agent-release-notes/nodejs-release-notes/nodejs-agent-1200 |
|
👍 |
|
Thanks! |
…/nestjs-config-file/follow-redirects-1.15.4 chore(deps): bump follow-redirects from 1.15.3 to 1.15.4 in /nestjs-config-file
…/axios-and-newrelic-1.6.0 Bump axios and newrelic
chore: update to newest community plus header
chore: update to newest community plus header
This gets us as close to stored proc monitoring as we're going to get for Cassandra.