Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:116859
Return-Path: <ryan.jentzsch@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 9532 invoked from network); 10 Jan 2022 21:51:11 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Jan 2022 21:51:11 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 7AFFC1804BA
	for <internals@lists.php.net>; Mon, 10 Jan 2022 15:00:00 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <ryan.jentzsch@gmail.com>
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 10 Jan 2022 14:59:56 -0800 (PST)
Received: by mail-pl1-f182.google.com with SMTP id l15so14334148pls.7
        for <internals@lists.php.net>; Mon, 10 Jan 2022 14:59:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=l5fyQBX12hgnkFtX2C+A+mqTsUovt6Z5YKrpMLXieJQ=;
        b=XA9gKSYPziBWGBQpuxeNGTxQ0rD5QsAp0/5FydwvICSsy0/yZ/qLcCM57ucErxMH26
         zNhrWqMn7RuSv/dSE798bXoMfCu0TUhdwArKWsoJ+Pr/OBgmsxED8dCLuMT526oH/9Af
         RaoU+4MIRGN60muaXSNtTvt2Rr5XDyPlAD9VtF8K9PIo79qmcLaDOm5E6ahgTHpdtQpV
         MaxfgNrXV5crqJe0tv1ZCb1i/U515XheVZCM5H5spF8Q/wCrSbdQZhYT+R+HQXdwGTzJ
         UqAGriib36KM57lcgJyn5/dEwBmqnXY/8A5z1mkQfp0pSRCkCnpCyTmRod1ECLpbv1rA
         2Qeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=l5fyQBX12hgnkFtX2C+A+mqTsUovt6Z5YKrpMLXieJQ=;
        b=JKp3CwWclLS3QM4h6fTxXRenl6VPSNS4luxDrumH54Wl60kQp9f7MG/aiw7zqR//Km
         8HBeV9CRUcoJRzu1MVJSQ8YIsPB9LxVolPE5sNPmV6QXCgv1zqdlKkJw4XkJZqaMCEt5
         LmH3iugocfOjKUrbIGMKDJxfYiDD/xuOOoV7w/l1Lpcdeldx4hwzFBUv5m2bslBCUofV
         RcEUTN4Vv7g2wNeL2v1tVAswHusOBUVVtQzOTFf1s/J0/zpuS51p4GiUQYFQJLPkBHuS
         25Ua33JozRpx1T834Pu63exNaaDtSYpbWGW3wQudA9UFUf3sCetzg4pggdqKV2MP+eW1
         2ibw==
X-Gm-Message-State: AOAM533V977Wyvzs1seuqqxoL+G7T6S6734Dx7pLII16y1BbUD9Lzvgs
	o5hyFbUyjSHswcpRbbDG6urDwgrOkB3OBtq02HrnK5apfekp+Q==
X-Google-Smtp-Source: ABdhPJyKKG5BQjtM4KOWxfFKOnKJpgFFwtLQAbqxJc2R+qMWGbNYHXCqJOc/zdt1PgfDgajn3jWiWWrhWmxqxOoINcM=
X-Received: by 2002:a17:902:e752:b0:14a:4743:be6e with SMTP id
 p18-20020a170902e75200b0014a4743be6emr1698994plf.122.1641855595461; Mon, 10
 Jan 2022 14:59:55 -0800 (PST)
MIME-Version: 1.0
References: <ded42b3e-3149-1192-0f86-07715fcb7a3e@woltlab.com> <CA+kxMuTVMeqVN1UFwau3eaVgLa2DKRKaErzSdFCKLw9v066mVQ@mail.gmail.com>
In-Reply-To: <CA+kxMuTVMeqVN1UFwau3eaVgLa2DKRKaErzSdFCKLw9v066mVQ@mail.gmail.com>
Date: Mon, 10 Jan 2022 15:59:29 -0700
Message-ID: <CAHWSxWSBh5oPuKxjWbmCCSxLE5WhJCwQBus5WrdO1WMNmwodaA@mail.gmail.com>
To: Dan Ackroyd <Danack@basereality.com>
Cc: =?UTF-8?Q?Tim_D=C3=BCsterhus=2C_WoltLab_GmbH?= <duesterhus@woltlab.com>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000008a406005d5424b5b"
Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces
From: ryan.jentzsch@gmail.com (Ryan Jentzsch)

--0000000000008a406005d5424b5b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Answering the question: How do other languages handle this problem? Or how
do they avoid it in
the first place?

Python basically doesn't handle the problem at all and offers this advice: =
Be
sure to delete all debugging related code before code delivery!

See section [9.2.1 production code cannot contain any debug entry points]

https://www.fatalerrors.org/a/python-general-programming-specification-09-s=
ecurity-programming-specification.html

On Mon, Jan 10, 2022 at 10:01 AM Dan Ackroyd <Danack@basereality.com> wrote=
:

> Hi Tim,
>
> On Mon, 10 Jan 2022 at 14:05, Tim D=C3=BCsterhus, WoltLab GmbH
> <duesterhus@woltlab.com> wrote:
> >
> > this is a follow-up for my "Pre-RFC" email from last Friday, January,
> 7th.
> >
> > https://wiki.php.net/rfc/redact_parameters_in_back_traces
> >
>
> How do other languages handle this problem? Or how do they avoid it in
> the first place?
>
> From the RFC:
> > Specifically the back trace collection should be updated to use an
> object of class
> > \SensitiveParameter as the value for all parameters that are marked wit=
h
> the
> > \SensitiveParameter attribute.
>
> To me....these words are not clear. Does the following sentence say
> the same thing?
>
> "When the backtrace is generated, any parameter that has a
> 'SensitiveParameter' attribute will not have it's value stored in the
> backtrace, but instead will be replaced with an SensitiveParameter
> object.
>
> If so, the RFC could be updated to be clearer.....if not, then the RFC
> should be updated to be clearer.
>
> Also, having parameters replaced with another type doesn't seem
> obviously correct. There should probably be some words justifying why
> that is the correct thing to do, rather than just replacing any values
> with "****REDACTED***" or other simple behaviour.
>
> > On shared web hosting, the customer might not be able to configure it.
>
> My personal opinion is that shared web hosting shouldn't be a thing
> that exists in 2022. And definitely shouldn't be used for anything
> where secrets need to be maintained. Yeah shared hosts might have a DB
> they can connect to, but those credentials should only be usuable from
> the shared host to the DB.
>
> cheers
> Dan
> Ack
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>
>

--0000000000008a406005d5424b5b--