[docs][chore] warning for using localhost in security-best-practices

[Sanket-0510]

Description:
warning and alert for using localhost which might go under DNS resolution and end up with an unexpected IP, risking security.

Link to tracking Issue: #9338

Documentation: Added Waring and risk alert in https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md

[mx-psi]

I think this should be under the 'Safeguards against denial of service attacks' section.

I also don't think we should word it as a warning and make it seem like localhost is the right option to use: it is the right option to use for many use cases, even if there may be use cases where it's not the right thing to do.

Instead, we should state that if localhost resolves to something other than 127.0.0.1/::1, you can use these explicitly isntead

[Sanket-0510]

I think this should be under the 'Safeguards against denial of service attacks' section.

I also don't think we should word it as a warning and make it seem like localhost is the right option to use: it is the right option to use for many use cases, even if there may be use cases where it's not the right thing to do.

Instead, we should state that if localhost resolves to something other than 127.0.0.1/::1, you can use these explicitly isntead

will this be fine @mx-psi ?

If 'localhost' resolves to a different IP due to DNS then explicitly use these IPs instead:
IPv4: 127.0.0.1
IPv6: ::1
IPv6 Reminder:
In IPv6 setups, ensure your system supports both IPv4 and IPv6 loopback addresses to avoid issues.

Best Practice:
For clarity and safety, consider explicitly mentioning the IP (127.0.0.1) instead of relying solely on 'localhost,' especially in sensitive setups. Keep things consistent across different networks.

[Sanket-0510]

@mx-psi this is stale from last week, could you please review this PR.

[mx-psi]

@Sanket-0510 Apologies, I likely won't have time to review until the end of the week

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.90%. Comparing base (f11c5bb) to head (5fac17a).
Report is 70 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9444      +/-   ##
==========================================
+ Coverage   90.70%   90.90%   +0.20%     
==========================================
  Files         347      348       +1     
  Lines       18199    18382     +183     
==========================================
+ Hits        16507    16710     +203     
+ Misses       1369     1348      -21     
- Partials      323      324       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mx-psi]

[...]

Best Practice:
For clarity and safety, consider explicitly mentioning the IP (127.0.0.1) instead of relying solely on 'localhost,' especially in sensitive setups. Keep things consistent across different networks.

I disagree that this is a 'best practice': this is an edge case and we should document it as an edge case.

[github-actions]

This PR was marked stale due to lack of activity. It will be closed in 14 days.

[mx-psi]

I would just go with this for now. We can add more info in the future, but I think this is straight to the point and gives the minimal information needed

[mx-psi]

Thanks for bearing with me on this and apologies for the delay in replying (I went on vacation for a couple weeks 😄). Let's go with this for now and see how people respond :)

[Sanket-0510]

Thanks for bearing with me on this and apologies for the delay in replying (I went on vacation for a couple weeks 😄). Let's go with this for now and see how people respond :)

No worries, I hope you had a great vacation 😊. Yes now this looks to the point and is short also. ✨✨