github wrote in changelog, 2026-04-20 04:11 pm

[dreamwidth/dreamwidth] 6dc7b3: Drop high-cardinality username tag from extacct stats

Branch: refs/heads/main
Home: https://github.com/dreamwidth/dreamwidth

Commit: 6dc7b32ef3eed8378f40270d35c3a0b7a45dd21b
https://github.com/dreamwidth/dreamwidth/commit/6dc7b32ef3eed8378f40270d35c3a0b7a45dd21b
Author: Mark Smith mark@dreamwidth.org
Date: 2026-04-20 (Mon, 20 Apr 2026)

Changed paths: M cgi-bin/DW/External/Userinfo.pm

Log Message:


Drop high-cardinality username tag from extacct stats

The username:$user tag on dw.worker.extacct.{success,failure} tracked each remote external-site user individually, making it the top metric by active series count in Grafana Cloud billing. Site alone is bounded to the DW::External::Site enum and gives the actionable dimension.

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

Commit: ad345841bf9b424ceb6bf65be2136b88fb612301
https://github.com/dreamwidth/dreamwidth/commit/ad345841bf9b424ceb6bf65be2136b88fb612301
Author: Mark Smith mark@dreamwidth.org
Date: 2026-04-20 (Mon, 20 Apr 2026)

Changed paths:
M cgi-bin/DW/Controller/Importer.pm
M cgi-bin/DW/Logic/Importer.pm

Log Message:


Validate importer hostname against source whitelist

The /tools/importer UI offered a dropdown of three allowed sources (livejournal.com, insanejournal.com, dreamwidth.org), but set_import_data_for_user accepted whatever hostname the POST carried and INSERTed it straight into import_data. A crafted POST could inject arbitrary hostnames, which then flowed into the new hostname: tag on dw.worker.importer.job_completed as a cardinality-injection vector.

Extracts the allowed-source list into DW::Logic::Importer->allowed_sources so the controller's dropdown rendering and the logic layer's validation share one definition, and rejects any hostname not in the list.

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

Compare: https://github.com/dreamwidth/dreamwidth/compare/00b8f85a98e0...ad345841bf9b
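
The pattern the second commit message describes (one allowed-source list shared by the dropdown and the logic-layer check, with unlisted hostnames rejected before storage) can be sketched as below. This is an added example, not Dreamwidth's code: the package, every sub other than the `allowed_sources` name, the `invalid` tag bucket and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration only; Example::Importer and its subs are hypothetical.
use strict;
use warnings;

package Example::Importer;

# Single definition of the permitted sources (the three named in the commit message).
my @ALLOWED = qw( livejournal.com insanejournal.com dreamwidth.org );
my %ALLOWED = map { $_ => 1 } @ALLOWED;

# Read by the UI layer to render the dropdown and by the logic layer to validate.
sub allowed_sources { return @ALLOWED }

# Returns the canonical hostname if it is on the list, undef otherwise.
sub validate_hostname {
    my ( $class, $host ) = @_;
    return undef unless defined $host && !ref $host;
    $host = lc $host;
    $host =~ s/\.\z//;    # accept a fully qualified trailing dot, nothing else
    return $ALLOWED{$host} ? $host : undef;
}

# Hypothetical logic-layer entry point: the check lives here, not only in the form.
sub store_import_source {
    my ( $class, $posted ) = @_;
    my $host = $class->validate_hostname($posted)
        or return ( 0, 'unsupported import source' );
    # ... the INSERT would use $host (validated), never $posted ...
    return ( 1, $host );
}

# Assumption: tag values come only from validated data, so the tag can take
# at most scalar(@ALLOWED) + 1 distinct values whatever a client sends.
sub hostname_tag {
    my ( $class, $host ) = @_;
    my $ok = $class->validate_hostname($host);
    return 'hostname:' . ( defined $ok ? $ok : 'invalid' );
}

package main;

# Constructed inputs: listed sources, a case/trailing-dot variant, crafted values.
for my $in ( 'livejournal.com', 'DreamWidth.org.', 'evil.example',
             "livejournal.com\n", 'a' x 300, undef ) {
    my ( $ok, $detail ) = Example::Importer->store_import_source($in);
    ( my $shown = defined $in ? $in : '(undef)' ) =~ s/[^\x20-\x7e]/?/g;
    printf "%-20.20s %-8s %-28s %s\n", $shown, $ok ? 'stored' : 'rejected',
        $detail, Example::Importer->hostname_tag($in);
}
```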
