Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:116862 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 25167 invoked from network); 11 Jan 2022 02:39:54 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 11 Jan 2022 02:39:54 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 3F0A618053A for ; Mon, 10 Jan 2022 19:48:46 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-oi1-f175.google.com (mail-oi1-f175.google.com [209.85.167.175]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 10 Jan 2022 19:48:45 -0800 (PST) Received: by mail-oi1-f175.google.com with SMTP id w188so345441oib.7 for ; Mon, 10 Jan 2022 19:48:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=w6Xef7ktJ482OMXWk+kIQ5/Yz+Ra2djdb26ihvKHWac=; b=VAVWas9y7avE2r0nVKQ5xvMnOCBr3gU1gfINKf9vAPZevJDr70waEMhrIxJyBieANl 0ZJIrBe4xBONBg9HzHM7q4k7rSKJxwHs17lQYr+BYFwW3E7YIsQdEZGU7obeQnx841gO Z5SMKzkAm8aSQJfkSYbrsTaDIr296gAMDd/huElhYmBkOWV7ZD93Bu7AexBts0UjcLIK 02SbC8fUShgcTOKNUeSZVjD3LeslrSas4/GH170cp54B1B2881jpan/Dz5piEE2KWRKi 5TSG+O8VR8dv5h/oRIgjs9wLgW58ZMOVyKr3RasLz5znquWBqejWGqmsdU3BrsnRxJag qGOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=w6Xef7ktJ482OMXWk+kIQ5/Yz+Ra2djdb26ihvKHWac=; b=LYMVDYK9VPFbt4WOj7F1NN2fPg32dSk5kl05b4P3l96NQyaf4kt4aawl9XvlyBVDhH EeZfYqLVFj0UbgymJaUBtm4CfF9TtU+XBk95uycmgQm4wAK0aSDlcuzGY/zwK+N/cN2O mcMRSwL+WDiTt2suhPusAWKq5+ioye1xlyBwrGqVaGXQ+yrgAn5NcOqXfu5+WnvlE1DP XcGJ1b2rkCXzkJpGKmQIbo7BKimNM5wHHAtSrRnWNxEwUH7QRJINy7PFTTWRLkLWun20 hFbziybUZyLUpeXIC5XMy1rKxUXepQ4vYRflxtfY0+uV3aylRQ0KJT/Ss0CoNMYt3fEE Zn1w== X-Gm-Message-State: AOAM531/+wIcH1kLQZTh8JIxczAGvafKk0w4jXKrtQnYzDvacRhNcV04 4NAjm8otrOx5PLoyrInPgNodLpO/S4S5tFO+8HgsjsM8UDE= X-Google-Smtp-Source: ABdhPJyi8QxuB0C+vPfLeOW4eoC1lzh6xGSnzJ2/vj7/ioQGsmTvUIQ5W8QXjq8aoth82U2Yt2Vb6pvDTg6Fck7jVo4= X-Received: by 2002:a05:6808:9b2:: with SMTP id e18mr580941oig.168.1641872925091; Mon, 10 Jan 2022 19:48:45 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Tue, 11 Jan 2022 10:48:33 +0700 Message-ID: To: =?UTF-8?Q?Tim_D=C3=BCsterhus=2C_WoltLab_GmbH?= Cc: PHP internals Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces From: pierre.php@gmail.com (Pierre Joye) Good morning Tim, On Mon, Jan 10, 2022 at 9:06 PM Tim D=C3=BCsterhus, WoltLab GmbH wrote: I am not sure it makes sense to make the code so verbose to prevent users from showing sensitive data as it never stops (next print_r/var_dump and userland version of them?). Also sensitive data goes way beyond arguments, GDPR brings a lot of issues here too. Userland packages like monolog provide filters or custom output, I think that is where it should be handled. As a side note, the RFC mentions that zend.exception_ignore_args may not be configurable on some shared hosters, it is INI_ALL, so even in the code could change it, any time, back and forth: