Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:105962
Return-Path: <markyr@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 72554 invoked from network); 17 Jun 2019 20:31:35 -0000
Received: from unknown (HELO localhost.localdomain) (76.75.200.58)
  by pb1.pair.com with SMTP; 17 Jun 2019 20:31:35 -0000
To: internals@lists.php.net
References: <alpine.LRH.2.21.1906171908350.27190@supernova.coretech.se>
Date: Mon, 17 Jun 2019 18:45:47 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.1
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.21.1906171908350.27190@supernova.coretech.se>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
X-Posted-By: 94.1.167.52
Subject: Re: [PATCH] Add configuration value to enable/disable stack
 tracelogging
From: markyr@gmail.com (Mark Randall)
Message-ID: <php.internals-105962@news.php.net>

On 17/06/2019 18:10, Erik Lundin wrote:
> Background:
> The latest version of PHP seems to handle fatal errors as exceptions 
> which results in stack traces being logged. Stack traces can potentially 
> contain sensitive information and should not be logged in a production 
> environment.

Having access to the full stack trace is, in my opinion, an essential 
tool for debugging.

Standard PHP Error reporting should always be disabled on production.

On the other hand, security in layers, and the less information you 
hold, the less probability there is of it getting out, or being 
catastrophic when you do, so having the option to turn it off wouldn't hurt.

As it happens I was dealing with some issues last month where my first 
order exception handler was failing, and logs were being put into 
stackdriver where they could potentially have been accessed by those who 
don't have direct access to the processes but do have access to logging.

I was wondering at the time if it would be possible to supply a public 
key via the PHP.ini and have the outputs encrypted before being written 
- as this is how I handle the stack traces in my userland exception 
logging database and IMHO would provide best-of-both-worlds.

The benefits of public key vs a symmetric key are that the logs remain 
secure even with read access to php.ini.

--
Mark Randall