Newsgroups: php.internals
Xref: news.php.net php.internals:116863
Date: Mon, 10 Jan 2022 23:37:09 -0600
To: PHP internals
Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces
From: tendoaki@gmail.com (Michael Morris)

On Mon, Jan 10, 2022 at 8:05 AM Tim Düsterhus, WoltLab GmbH <duesterhus@woltlab.com> wrote:

> Hi Internals!
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> Christoph Becker granted me RFC editing permissions and I've now written
> up our proposal as a proper RFC:
>
> https://wiki.php.net/rfc/redact_parameters_in_back_traces
>
> I recommend also taking a look at my previous email:
>
> https://externals.io/message/116847
>
> It contains some additional context that did not really fit within the
> language of a "neutral" RFC that will remain as the permanent record.
>
> - As indicated within the RFC and my previous email we still need a more
> experienced developer for the final implementation, as I have next to no
> experience with PHP's implementation.
>
> Specifically adding this attribute to existing functions is not clear to
> me. It is probably required to update the stub parser/generator to add
> support for attributes? If someone creates an example implementation for
> one function, I'll likely be able to apply this to other functions myself.
> - The RFC Impact to Opcache is not clear to me. I don't believe there is
> any, but I am not sure. So if someone knows, I'm happy to update that
> section.

If someone can inject a debug_backtrace into your code and get it executed you have bigger problems than a parameter being exposed. And if you configure your prod servers to be all chatty Kathy to the world on error, you need to learn how to do better. A change to the language is not in order here.