Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:116859 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 9532 invoked from network); 10 Jan 2022 21:51:11 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 10 Jan 2022 21:51:11 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 7AFFC1804BA for ; Mon, 10 Jan 2022 15:00:00 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 10 Jan 2022 14:59:56 -0800 (PST) Received: by mail-pl1-f182.google.com with SMTP id l15so14334148pls.7 for ; Mon, 10 Jan 2022 14:59:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=l5fyQBX12hgnkFtX2C+A+mqTsUovt6Z5YKrpMLXieJQ=; b=XA9gKSYPziBWGBQpuxeNGTxQ0rD5QsAp0/5FydwvICSsy0/yZ/qLcCM57ucErxMH26 zNhrWqMn7RuSv/dSE798bXoMfCu0TUhdwArKWsoJ+Pr/OBgmsxED8dCLuMT526oH/9Af RaoU+4MIRGN60muaXSNtTvt2Rr5XDyPlAD9VtF8K9PIo79qmcLaDOm5E6ahgTHpdtQpV MaxfgNrXV5crqJe0tv1ZCb1i/U515XheVZCM5H5spF8Q/wCrSbdQZhYT+R+HQXdwGTzJ UqAGriib36KM57lcgJyn5/dEwBmqnXY/8A5z1mkQfp0pSRCkCnpCyTmRod1ECLpbv1rA 2Qeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=l5fyQBX12hgnkFtX2C+A+mqTsUovt6Z5YKrpMLXieJQ=; b=JKp3CwWclLS3QM4h6fTxXRenl6VPSNS4luxDrumH54Wl60kQp9f7MG/aiw7zqR//Km 8HBeV9CRUcoJRzu1MVJSQ8YIsPB9LxVolPE5sNPmV6QXCgv1zqdlKkJw4XkJZqaMCEt5 LmH3iugocfOjKUrbIGMKDJxfYiDD/xuOOoV7w/l1Lpcdeldx4hwzFBUv5m2bslBCUofV RcEUTN4Vv7g2wNeL2v1tVAswHusOBUVVtQzOTFf1s/J0/zpuS51p4GiUQYFQJLPkBHuS 25Ua33JozRpx1T834Pu63exNaaDtSYpbWGW3wQudA9UFUf3sCetzg4pggdqKV2MP+eW1 2ibw== X-Gm-Message-State: AOAM533V977Wyvzs1seuqqxoL+G7T6S6734Dx7pLII16y1BbUD9Lzvgs o5hyFbUyjSHswcpRbbDG6urDwgrOkB3OBtq02HrnK5apfekp+Q== X-Google-Smtp-Source: ABdhPJyKKG5BQjtM4KOWxfFKOnKJpgFFwtLQAbqxJc2R+qMWGbNYHXCqJOc/zdt1PgfDgajn3jWiWWrhWmxqxOoINcM= X-Received: by 2002:a17:902:e752:b0:14a:4743:be6e with SMTP id p18-20020a170902e75200b0014a4743be6emr1698994plf.122.1641855595461; Mon, 10 Jan 2022 14:59:55 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Mon, 10 Jan 2022 15:59:29 -0700 Message-ID: To: Dan Ackroyd Cc: =?UTF-8?Q?Tim_D=C3=BCsterhus=2C_WoltLab_GmbH?= , PHP internals Content-Type: multipart/alternative; boundary="0000000000008a406005d5424b5b" Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces From: ryan.jentzsch@gmail.com (Ryan Jentzsch) --0000000000008a406005d5424b5b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Answering the question: How do other languages handle this problem? Or how do they avoid it in the first place? Python basically doesn't handle the problem at all and offers this advice: = Be sure to delete all debugging related code before code delivery! See section [9.2.1 production code cannot contain any debug entry points] https://www.fatalerrors.org/a/python-general-programming-specification-09-s= ecurity-programming-specification.html On Mon, Jan 10, 2022 at 10:01 AM Dan Ackroyd wrote= : > Hi Tim, > > On Mon, 10 Jan 2022 at 14:05, Tim D=C3=BCsterhus, WoltLab GmbH > wrote: > > > > this is a follow-up for my "Pre-RFC" email from last Friday, January, > 7th. > > > > https://wiki.php.net/rfc/redact_parameters_in_back_traces > > > > How do other languages handle this problem? Or how do they avoid it in > the first place? > > From the RFC: > > Specifically the back trace collection should be updated to use an > object of class > > \SensitiveParameter as the value for all parameters that are marked wit= h > the > > \SensitiveParameter attribute. > > To me....these words are not clear. Does the following sentence say > the same thing? > > "When the backtrace is generated, any parameter that has a > 'SensitiveParameter' attribute will not have it's value stored in the > backtrace, but instead will be replaced with an SensitiveParameter > object. > > If so, the RFC could be updated to be clearer.....if not, then the RFC > should be updated to be clearer. > > Also, having parameters replaced with another type doesn't seem > obviously correct. There should probably be some words justifying why > that is the correct thing to do, rather than just replacing any values > with "****REDACTED***" or other simple behaviour. > > > On shared web hosting, the customer might not be able to configure it. > > My personal opinion is that shared web hosting shouldn't be a thing > that exists in 2022. And definitely shouldn't be used for anything > where secrets need to be maintained. Yeah shared hosts might have a DB > they can connect to, but those credentials should only be usuable from > the shared host to the DB. > > cheers > Dan > Ack > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > > --0000000000008a406005d5424b5b--