Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:105965
Return-Path: <krakjoe@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 88616 invoked from network); 17 Jun 2019 21:50:25 -0000
Received: from unknown (HELO mail-ua1-f65.google.com) (209.85.222.65)
  by pb1.pair.com with SMTP; 17 Jun 2019 21:50:25 -0000
Received: by mail-ua1-f65.google.com with SMTP id f20so3944119ual.0
        for <internals@lists.php.net>; Mon, 17 Jun 2019 12:04:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=11j2N2DbC+/VtyVslioB1NeEvpolwHfcBDgpCBM1ubE=;
        b=EBsGdNapHAmabjZskka/cfs2eniM9T/NUemRGbVSWLPIhjLbtyQaAfcGKx5hnYxGJ+
         80Q0TEog+OUm/1/jpmhK0uZ1Qrfn19l4EcS+46jUuYspvBd7DaOrsC4qwHqtNk+vXPiz
         YPQLQvag/6JkV6nAA0ARmKdBbktznR7iWObW9V1aswnLSKiZCMEevbCtxCCW3Yxr3Z0i
         aQRxsDjscqWEQpvC61IkXQuQ9F71VvbhgWlW83PJwXuia1mXRWsoOmCVfkjfiWIElTlK
         iqf57J+KYI+qAx/EnfttGi57iES5FHOAsBF+AZaN3HfU45072g6JwOf8c2+d0kO+azoD
         pLbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=11j2N2DbC+/VtyVslioB1NeEvpolwHfcBDgpCBM1ubE=;
        b=KY5LnX82otxU4vB6yhJATfRKp9x0uzG2Q40lBNNhzlQg34xRTPvd7xRhVuySQImLo2
         AROiP7h26MDbTd+pJKF5MxfIbVYhF0AiMxVfb/UwP+sgTvwN10XufTvHK3yGW1F2SUYs
         /J/FdwKfY+/NBgOuy06agdMpXvgzZxGAQbSam1rAx+7Ha7TuGxEWLbfkgvtxazMSrbq2
         shGWIjvHerCthPl448VtDa22MReURI5ewpJ56lrCqX6rdUm+p6ik3Sp1DUZqnDJvmT11
         ZzhPMrt0zyQCSExM7aAhePtti/TkO2uYYrUW0N4HeKn1kEvhuGHivw4hjHOi8XS7OEqY
         4Umw==
X-Gm-Message-State: APjAAAVuFhI4Kwjnh+/Zze7/KdzJngJQay7LLRbZEnCvs9IjYgoEGYlc
	GqVJthuvN+oRMlGNYWFmGLL7F1cmPLkSaZhtqPs=
X-Google-Smtp-Source: APXvYqw63j67K5wof5QNSVsEZF5BJ/o3Mfl9dQGii5N7a1TVbwikYGVtAS2VUW9Vx7B7RTyFYsddn5tHES6iqVYDsJM=
X-Received: by 2002:ab0:4a55:: with SMTP id r21mr40530857uae.133.1560798278292;
 Mon, 17 Jun 2019 12:04:38 -0700 (PDT)
MIME-Version: 1.0
References: <alpine.LRH.2.21.1906171908350.27190@supernova.coretech.se>
 <20190617174944.09CAC4A005@supernova.coretech.se> <7840F1AA-297A-42E2-A727-62195670D3D0@coretech.se>
In-Reply-To: <7840F1AA-297A-42E2-A727-62195670D3D0@coretech.se>
Date: Mon, 17 Jun 2019 21:04:27 +0200
Message-ID: <CAOwTYAsCDKS0TkhA2MkKD2+Qbwq5BkutN8cYcF4RuiUYnW5nzA@mail.gmail.com>
To: Erik Lundin <erik@coretech.se>
Cc: Mark Randall <markyr@gmail.com>, PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000f19a0e058b89aa8f"
Subject: Re: [PHP-DEV] Re: [PATCH] Add configuration value to enable/disable
 stack tracelogging
From: krakjoe@gmail.com (Joe Watkins)

--000000000000f19a0e058b89aa8f
Content-Type: text/plain; charset="UTF-8"

Evening all,

I've prepared an alternative: https://github.com/php/php-src/pull/4282

Hiding the arguments seems sensible enough, not as a hardcoded default
(default behaviour should be retained), but as a documented recommended
default for production.

I think, this needs to go through the RFC process, as nobody can merge an
implementation of this without consensus.

Cheers
Joe

On Mon, 17 Jun 2019 at 20:31, Erik Lundin <erik@coretech.se> wrote:

> Encrypting logs could potentially impact performance alot. My opinion is
> that core dumps and full stack traces should be disabled by default and
> activated only when needed to minimize the risk of data leaks. However,
> logging is needed. You need to get information about what went wrong.
>
> Maybe this should be enabled in steps?
>
> No stack trace (Default?)
> Stack trace with obfuscated argument-data
> Full stack trace
> /Erik Lundin
>
>
> > 17 juni 2019 kl. 19:45 skrev Mark Randall <markyr@gmail.com>:
> >
> >> On 17/06/2019 18:10, Erik Lundin wrote:
> >> Background:
> >> The latest version of PHP seems to handle fatal errors as exceptions
> which results in stack traces being logged. Stack traces can potentially
> contain sensitive information and should not be logged in a production
> environment.
> >
> > Having access to the full stack trace is, in my opinion, an essential
> tool for debugging.
> >
> > Standard PHP Error reporting should always be disabled on production.
> >
> > On the other hand, security in layers, and the less information you
> hold, the less probability there is of it getting out, or being
> catastrophic when you do, so having the option to turn it off wouldn't hurt.
> >
> > As it happens I was dealing with some issues last month where my first
> order exception handler was failing, and logs were being put into
> stackdriver where they could potentially have been accessed by those who
> don't have direct access to the processes but do have access to logging.
> >
> > I was wondering at the time if it would be possible to supply a public
> key via the PHP.ini and have the outputs encrypted before being written -
> as this is how I handle the stack traces in my userland exception logging
> database and IMHO would provide best-of-both-worlds.
> >
> > The benefits of public key vs a symmetric key are that the logs remain
> secure even with read access to php.ini.
> >
> > --
> > Mark Randall
> >
> > --
> > PHP Internals - PHP Runtime Development Mailing List
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>

--000000000000f19a0e058b89aa8f--