Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:116854
Return-Path: <danack@basereality.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 86356 invoked from network); 10 Jan 2022 15:52:35 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Jan 2022 15:52:35 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id E34141804B1
	for <internals@lists.php.net>; Mon, 10 Jan 2022 09:01:19 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <danack@basereality.com>
Received: from mail-ua1-f46.google.com (mail-ua1-f46.google.com [209.85.222.46])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 10 Jan 2022 09:01:19 -0800 (PST)
Received: by mail-ua1-f46.google.com with SMTP id y4so24659276uad.1
        for <internals@lists.php.net>; Mon, 10 Jan 2022 09:01:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=basereality-com.20210112.gappssmtp.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=zL5ole/Woj9uyrpmFMP5oarNujyepWJuwVUv3ZCx8lQ=;
        b=KglDh1lIknOkNXi3X00sTDepZJqqjtl8IiFXaEsXeAMa8v1KOM8Doz8oDA/nKmAT2D
         fx57xg5TcPY4Nq+nk9sm5zNsop/0NLSsi37n6mtCadmR837h6Gc+QyDcbfI9VuuvdTJN
         Iyd/CIqlM6GYnP0H2Uz3GoYIVJ4CzC7h2SOnHemG3H4BJexZ/SxP/hAlt2SHePDdbpIn
         Z9T4gfTKMQNi8a9IoLigWPWddhnTeOi3HfltnBjEuwwMKgQi0j6OewRSMP01lk93PLy4
         dBRmdN38Ovnybk7PrJOnORhU4mpiI8zjTiRjHD5HOZcR7Zt86N6PXCx8mwDWl3oHUln4
         TCRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=zL5ole/Woj9uyrpmFMP5oarNujyepWJuwVUv3ZCx8lQ=;
        b=Mosar2XXORo4ZsCSn6sUasOP5wrDwcn3nhdhiBMjq1ZNowangTfD5ojH2vqhN0Nlr4
         S7+HnDdR9Y0Lft+UNGT/e1ScNPafqpGsmxiKuwtWsECtmo+5Yj4d+U99h/DgDoOK0CGW
         OdNk3PB+G6Xav+5bV00hqRfuhpZMdr9Eded7vyXTGeBTOPLQfTH6Jk4OwCaagN1h26p4
         2WQh//OlUa+PJ3dP4XcVqb4javg3fjuPDeJGbif0hTfFtG4EmEP8WflyRNsEOyVm3YKz
         +fYe8CcnAQRfBjC2X7FfqidgBZGOjxEqrF9LRpD9L1YpGXoQol+TBlInZEBzQY5xquY+
         oZdQ==
X-Gm-Message-State: AOAM531n4JVON3WnDmJHVX03wAeCuYNEWKb3NNsNQXuOtlBfrX4QEzr0
	6ejJbEOatHbaSf4G7qZq616JuekpFRvI/wgPlKdnVaHaRWgRNQ==
X-Google-Smtp-Source: ABdhPJzlMKCk/4rzxFmOATHsTISX/Z+8FXgI/4ArGN0Jy0MrN+e7h1OuRhY18YGi/OxTy2jrELE2P6JtBE8mIkYXfPE=
X-Received: by 2002:a05:6102:3909:: with SMTP id e9mr359626vsu.9.1641834078440;
 Mon, 10 Jan 2022 09:01:18 -0800 (PST)
MIME-Version: 1.0
References: <ded42b3e-3149-1192-0f86-07715fcb7a3e@woltlab.com>
In-Reply-To: <ded42b3e-3149-1192-0f86-07715fcb7a3e@woltlab.com>
Date: Mon, 10 Jan 2022 17:01:06 +0000
Message-ID: <CA+kxMuTVMeqVN1UFwau3eaVgLa2DKRKaErzSdFCKLw9v066mVQ@mail.gmail.com>
To: =?UTF-8?Q?Tim_D=C3=BCsterhus=2C_WoltLab_GmbH?= <duesterhus@woltlab.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces
From: Danack@basereality.com (Dan Ackroyd)

Hi Tim,

On Mon, 10 Jan 2022 at 14:05, Tim D=C3=BCsterhus, WoltLab GmbH
<duesterhus@woltlab.com> wrote:
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th=
.
>
> https://wiki.php.net/rfc/redact_parameters_in_back_traces
>

How do other languages handle this problem? Or how do they avoid it in
the first place?

From the RFC:
> Specifically the back trace collection should be updated to use an object=
 of class
> \SensitiveParameter as the value for all parameters that are marked with =
the
> \SensitiveParameter attribute.

To me....these words are not clear. Does the following sentence say
the same thing?

"When the backtrace is generated, any parameter that has a
'SensitiveParameter' attribute will not have it's value stored in the
backtrace, but instead will be replaced with an SensitiveParameter
object.

If so, the RFC could be updated to be clearer.....if not, then the RFC
should be updated to be clearer.

Also, having parameters replaced with another type doesn't seem
obviously correct. There should probably be some words justifying why
that is the correct thing to do, rather than just replacing any values
with "****REDACTED***" or other simple behaviour.

> On shared web hosting, the customer might not be able to configure it.

My personal opinion is that shared web hosting shouldn't be a thing
that exists in 2022. And definitely shouldn't be used for anything
where secrets need to be maintained. Yeah shared hosts might have a DB
they can connect to, but those credentials should only be usuable from
the shared host to the DB.

cheers
Dan
Ack