db.statement sanitization default behavior #3104

@avzis

Description

What are you trying to achieve?

According to the db spec:

  • The value may be sanitized to exclude sensitive information.

It does not strictly describe what the default behavior should be: sanitize the data, or not?

I am thinking that this approach might be risky, because of several cases:

  • Users might not be aware of the query collection, and might expose sensitive data.
  • In some instrumentations, db.statement was not collected in the beginning and was added (or will be added) at a later stage, when users are already using that instrumentation, which means that the instrumentation might suddenly start exposing sensitive data without the user knowing about it.
  • There are inconsistencies between different packages and instrumentations: some display sanitized data, and some display the original data.

I am suggesting that the spec should clarify what the default behavior regarding sanitization should be.

Additional context.

This issue is talking about missing examples, which might also clarify the behavior.
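As an added example (not code from this issue, from the reporter, or from any OpenTelemetry instrumentation), the following shows what a sanitize-by-default db.statement capture looks like in practice: string and numeric literals are replaced with a placeholder so the query shape survives for diagnostics while the values (which may be PII or credentials) never reach the span. The function names sanitize_sql and db_statement_attributes, the sanitize flag and its default are assumptions of the example; only the db.statement attribute name comes from the page.

```python
import re
from typing import Dict

# Single-quoted string literal, allowing the standard SQL '' escape inside it.
# Double-quoted tokens are identifiers in standard SQL, so they are left alone.
_STRING_LITERAL = r"'(?:[^']|'')*'"
# Numeric literal that stands alone: the lookarounds stop us from rewriting
# digits inside identifiers such as "t1" or "users2".
_NUMERIC_LITERAL = r"(?<![\w.])\d+(?:\.\d+)?(?:[eE][+-]?\d+)?(?![\w.])"
_LITERAL_RE = re.compile(rf"{_STRING_LITERAL}|{_NUMERIC_LITERAL}")


def sanitize_sql(statement: str, placeholder: str = "?") -> str:
    """Replace every string and numeric literal in `statement` with `placeholder`.

    Tables, columns, keywords and operators are kept, so the result is still
    useful for spotting slow or unexpected queries, but no user-supplied value
    survives. This is a simple tokenizer-free approach; comments and
    dialect-specific literal syntax (e.g. dollar quoting) are not handled.
    """
    return _LITERAL_RE.sub(placeholder, statement)


def db_statement_attributes(statement: str, sanitize: bool = True) -> Dict[str, str]:
    """Build the db.statement span attribute for a query.

    `sanitize` defaults to True, i.e. raw capture is opt-in. That is the
    default the issue argues for and is an assumption of this example, not
    something the spec text on the page states.
    """
    value = sanitize_sql(statement) if sanitize else statement
    return {"db.statement": value}


if __name__ == "__main__":
    # Constructed sample query carrying an e-mail address and a numeric filter.
    sample = "SELECT id FROM users WHERE email = 'alice@example.com' AND age > 30"
    print(db_statement_attributes(sample))
    print(db_statement_attributes(sample, sanitize=False))
```

The two calls at the bottom illustrate the inconsistency the issue describes: the same instrumentation code emits either a redacted or a raw statement depending only on a flag, which is exactly why the default matters.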

Metadata

Assignees

No one assigned

    Labels

    triaged-accepted: Issue triaged and accepted by OTel community, can proceed with creating a PR
    spec:trace: Related to the specification/trace directory
