by takumo
2504 days ago
That’s a good question. I've had a bit of a look and it appears that the bulk of this is undertaken in the Trace Context specification itself. The data passed back for a trace includes a reference to the trace’s location within a tree. The root node for this tree should (perhaps must) be generated server-side, and the client-side can only send traces which are children of the root-trace given by the server. Specifically the `traceparent` data:

```
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01
```

Where `00` is the format version, `0af7651916cd43dd8448eb211c80319c` is the root trace ID given by the server and `b7ad6b7169203331` is the ID of the direct parent of this trace.

While this doesn't prevent a malicious user from polluting a single trace, it does limit their scope to the root trace they've been given. It should then be possible to discard the entire trace, though I think identifying tampered traces could be difficult.
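
An added example, not part of takumo's comment and not code from any tracing project: a sketch of a collector that generates the root server-side, accepts client-reported spans only under a trace ID it issued, and can discard a whole trace. The `TraceGate` class and its method names are assumptions made for illustration; the field widths follow version `00` of the `traceparent` header.

```python
import re
import secrets

# traceparent, version 00: version-traceid-parentid-flags, all lowercase hex.
TRACEPARENT_RE = re.compile(r"([0-9a-f]{2})-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2})")


class TraceGate:
    """Hypothetical collector-side filter (name and API are assumptions)."""

    def __init__(self):
        self.spans = {}  # server-issued trace id -> parent ids reported under it

    def issue_root(self):
        """Generate the root server-side and return the header handed to the client."""
        trace_id, span_id = secrets.token_hex(16), secrets.token_hex(8)
        self.spans[trace_id] = [span_id]
        return f"00-{trace_id}-{span_id}-01"

    def accept(self, header):
        """Return (ok, reason). Only spans under a root we issued are stored."""
        m = TRACEPARENT_RE.fullmatch(header.strip())
        if m is None:
            return False, "malformed"
        version, trace_id, parent_id, _flags = m.groups()
        if version != "00":
            return False, "unsupported version"
        if set(trace_id) == {"0"} or set(parent_id) == {"0"}:
            return False, "all-zero id"
        if trace_id not in self.spans:
            return False, "trace id not issued by this server"
        self.spans[trace_id].append(parent_id)
        return True, "ok"

    def discard(self, trace_id):
        """Drop a whole trace; later spans under it are rejected too."""
        return self.spans.pop(trace_id, None) is not None


if __name__ == "__main__":
    gate = TraceGate()
    issued = gate.issue_root()
    print(gate.accept(issued))
    # Sample header from the comment above; this gate never issued it.
    print(gate.accept("00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01"))
    print(gate.discard(issued.split("-")[1]), gate.accept(issued))
```

The check bounds a client to the trace it was handed; it does not tell a genuine span from a fabricated one inside that trace.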