binaryseed/new_relic_absinthe

Potential PII leak

jamestelfer opened this issue · 3 comments

The default configuration for the middleware publishes the resolver arguments to New Relic, which may include PII. The information could be useful, but it would probably be better to be opt-in to avoid unexpected information leakage to a third party service.

A potential solution could be to make the addition of args to the parameters configurable.

What are your thoughts? Are you interested in a PR for this change?

We had this same problem, so we forked it and added a config similar to Absinthe Logger's config. We've been sitting on it for a couple of months, but I just opened a PR for it today: #15

I left a comment on the PR; IMO to avoid PII leakage it shouldn't publish this information by default at all, instead making it opt-in.

Newer agent versions have a config function_argument_collection_enabled that I can leverage to determine if we should include the arguments...
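
The opt-in behaviour discussed in this thread, as an added example that is not code from new_relic_absinthe or from PR #15: resolver arguments are reported only when a flag is set, and values under sensitive keys are masked first. The module name, the `:collect_args` and `:filter` options, the attribute names and the deny-list are hypothetical; where the flag comes from (for instance the agent setting mentioned above) is left to the caller.

```elixir
defmodule ArgCollectionExample do
  @moduledoc """
  Added example (hypothetical module, not new_relic_absinthe code).
  Resolver arguments are reported only when the caller opts in, and
  values under sensitive keys are masked before anything is reported.
  """

  # Constructed deny-list for illustration; a real deployment would tune it.
  @default_filter ~w(password token email ssn)

  @doc """
  Returns the attributes to attach to the trace for one resolver call.

  opts:
    * :collect_args - opt-in flag, defaults to false
    * :filter       - key names whose values are masked
  """
  def trace_attributes(field_name, args, opts \\ []) do
    base = %{"absinthe.field" => field_name}

    if Keyword.get(opts, :collect_args, false) do
      filter = Keyword.get(opts, :filter, @default_filter)
      Map.put(base, "absinthe.args", redact(args, filter))
    else
      # Default path: nothing derived from user input is attached.
      base
    end
  end

  # Structs (dates, uploads, ...) are not enumerable; pass them through.
  defp redact(%_{} = struct, _filter), do: struct

  # Walk maps and lists so nested input objects are covered too.
  defp redact(%{} = map, filter) do
    Map.new(map, fn {k, v} ->
      if to_string(k) in filter, do: {k, "[FILTERED]"}, else: {k, redact(v, filter)}
    end)
  end

  defp redact(list, filter) when is_list(list), do: Enum.map(list, &redact(&1, filter))
  defp redact(other, _filter), do: other
end

# Constructed sample arguments for a hypothetical createUser mutation.
args = %{input: %{name: "Ada", email: "ada@example.test", password: "hunter2"}}

IO.inspect(ArgCollectionExample.trace_attributes("createUser", args))
IO.inspect(ArgCollectionExample.trace_attributes("createUser", args, collect_args: true))
```

With collection enabled, the `name` value still passes through because a deny-list only masks the keys it lists, which is why the flag defaults to off.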