Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:116869
Return-Path: <pierre.php@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 55878 invoked from network); 11 Jan 2022 11:32:58 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 11 Jan 2022 11:32:58 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 2405918053B
	for <internals@lists.php.net>; Tue, 11 Jan 2022 04:41:56 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_20,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <pierre.php@gmail.com>
Received: from mail-oi1-f172.google.com (mail-oi1-f172.google.com [209.85.167.172])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 11 Jan 2022 04:41:55 -0800 (PST)
Received: by mail-oi1-f172.google.com with SMTP id q186so17011494oih.8
        for <internals@lists.php.net>; Tue, 11 Jan 2022 04:41:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=jRHMw7TgzMUzkzd49UzQjsWa2p5ia+xjiH4BSbIU6hg=;
        b=HPYv17jDXyFAPZD4jqDaEomkNItCPud0WmFE/RBX3NzUdoXyoj+KVk+I2bcRfw3LmY
         V+DMU1g520cPDojSLnzUIyqEf/u31FUWd3QHe+e0pdFIBHqsDnejTUSx9uiagSuERGie
         d6wwW/LMyvVUJeTf7UEzM8MpxE1kUraeQ8k8EWvSxR99udnGloNK8SikVYQNUhwzJB7Y
         kRDoTa2TJka/wkxE6d15l6aChbfV+Cwz9sN8hFi7a4Ap7sx+zKQkXDVpKqF4FrPIki5a
         Mu5TcfzknVLldSAit/XO1PYa6PorcpeeQ8ZhfLgeVTLI8X/pCnK9Dxb0MiDdH8ZLQPF6
         ABvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=jRHMw7TgzMUzkzd49UzQjsWa2p5ia+xjiH4BSbIU6hg=;
        b=YQEPAfIcT2nEGYBYRavi0WENNNTMcZdRuUIjgvdq75vGVNL0XQelnQJujhVzjOTE+2
         BGIBLqVK+BJB3qyAWUH96LEhWV+VLVuQK0/DheF9zZvsX6pA+ZgGNJO8OD/mdKPkPLxQ
         ar7iJkc6aqZQRBFwQHBFkNjszHe63UT7dioo8VV25Q2bMhQK2Hy22I0a90w+LDHetLF5
         V632bmF56nLjsOIh3ERghechRSPagN3bfRyihxnSGs7/vCLA3rzcoPl8ACzb1mn9FwYZ
         GzG5IBSEXeNFXVi3zU6y9VZ5r/qH+Hn337GmNDu31pZDb37d3njRaMJd7XVzJsYTa16a
         /RcA==
X-Gm-Message-State: AOAM532vtCElPysEUqYgVLSb8KWnAvrbGqTBFcplx+/bWqM9nDU9In9p
	pnNiAI04fyank6r9nDkYQjhMUK7q/UkKtPzzl2p/zahH
X-Google-Smtp-Source: ABdhPJydcL19DDe3frDF3VGZJNfaNB8pCH+MVIT2NxlcfJaPgVBYjpT3E+qilgiJl/03dki6Lqe6tnLKyyTIqTXu3fk=
X-Received: by 2002:a05:6808:1119:: with SMTP id e25mr1656983oih.30.1641904914853;
 Tue, 11 Jan 2022 04:41:54 -0800 (PST)
MIME-Version: 1.0
References: <ded42b3e-3149-1192-0f86-07715fcb7a3e@woltlab.com>
 <CAEZPtU7OUyymnN1DUhwM5PdTGPZnAgqCy84u6tjDRGBekpidNg@mail.gmail.com> <d6caa3bf-85b5-f14b-7efa-5bda54f2e698@woltlab.com>
In-Reply-To: <d6caa3bf-85b5-f14b-7efa-5bda54f2e698@woltlab.com>
Date: Tue, 11 Jan 2022 19:41:43 +0700
Message-ID: <CAEZPtU6uwVHuRBNjMSzPdrC9ags+_1yCeTE9coXL0AjsvxyCxA@mail.gmail.com>
To: =?UTF-8?Q?Tim_D=C3=BCsterhus=2C_WoltLab_GmbH?= <duesterhus@woltlab.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces
From: pierre.php@gmail.com (Pierre Joye)

Hi Tim,

On Tue, Jan 11, 2022 at 4:40 PM Tim D=C3=BCsterhus, WoltLab GmbH
<duesterhus@woltlab.com> wrote:
>
> Hi Pierre
>
> On 1/11/22 4:48 AM, Pierre Joye wrote:
> > Also sensitive data goes way beyond arguments, GDPR brings a lot of
> > issues here too. Userland packages like monolog provide filters or
> > custom output, I think that is where it should be handled.
>
> I believe that the author of a function is in the best position to
> decide whether a specific argument generally holds sensitive data or
> not. This avoids every exception handler / logger / =E2=80=A6 having to c=
heck
> what function parameters hold sensitive data and scrubbing them,
> possibly missing some.

You are fully correct here.

My thoughts differ as I think there are better tools to handle this
than PHP itself, as well as all other cases where sensitive data may
be exposed (a lot more than backtrace, which is handled already using
the ini setting).
Things like query errors, etc. There is no way we can handle them all
and this is really the developer responsibility to handle this data in
a safe manner. We do our best at the engine level for critical data
from an engine point of view. Application level critical data are the
developers responsibility (config, code, etc.).

Best,
--=20
Pierre

@pierrejoye | http://www.libgd.org