Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:116871
Return-Path: <duesterhus@woltlab.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 6939 invoked from network); 12 Jan 2022 07:08:37 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 12 Jan 2022 07:08:37 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 6B3DB1804B4
	for <internals@lists.php.net>; Wed, 12 Jan 2022 00:17:45 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS199118 195.10.208.0/24
X-Spam-Virus: No
X-Envelope-From: <duesterhus@woltlab.com>
Received: from mout-b-105.mailbox.org (mout-b-105.mailbox.org [195.10.208.50])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed, 12 Jan 2022 00:17:44 -0800 (PST)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:105:465:1:1:0])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by mout-b-105.mailbox.org (Postfix) with ESMTPS id 4JYgRB14mrzQjSs;
	Wed, 12 Jan 2022 09:17:42 +0100 (CET)
X-Virus-Scanned: amavisd-new at heinlein-support.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=woltlab.com; s=MBO0001;
	t=1641975460;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=8EtT+k8dMXOxe1klKRiafbv0W+VRMXFUwdStmFnpcd4=;
	b=jcUpqn90aGwd9YJmWem5RNtX/Qb6JIClrffVwIlOxrGxYae7aGz0/GVK+UqWUvfOxpXKTQ
	xgwX8UH1DH+odRyQd3aOtmuFN7oNOkjarsAcDuOP81GbIStNUvNp8GwHxumzr5WGVAb9N8
	Qla/S2peB4KUj6felF2LJ10nu7/MZ/WTaibgSethldkennxT7LZzr++4JewNfcyW7F9vi8
	+KOmeVpYeUj0EQdgBkvvCLUfIq/vfUePwLpns2KFEYB4286oyKwtMNS5V1dxmDx8WG7YIs
	iF9/PqOF96aBD/qnGYXwQ2Qa6IOQi2eR+2huBxIEIwbP4JpNdkVAI2Dz3ultNA==
To: Lynn <kjarli@gmail.com>
Cc: PHP internals <internals@lists.php.net>
References: <ded42b3e-3149-1192-0f86-07715fcb7a3e@woltlab.com>
 <CANS-=pfqDBtfOtbfFWHzB_8eStBWQN5vTDGFe=ehG8B6j3axyw@mail.gmail.com>
Message-ID: <70323155-337c-08c1-47c1-1d11fa6e86f8@woltlab.com>
Date: Wed, 12 Jan 2022 09:17:37 +0100
MIME-Version: 1.0
In-Reply-To: <CANS-=pfqDBtfOtbfFWHzB_8eStBWQN5vTDGFe=ehG8B6j3axyw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces
From: duesterhus@woltlab.com (=?UTF-8?Q?Tim_D=c3=bcsterhus=2c_WoltLab_GmbH?=)

Hi Lynn

On 1/11/22 11:23 AM, Lynn wrote:
> One possible addition; would it be possible to analyze the masked values
> and mask any 100% matches elsewhere?

No, this is not in scope for this RFC, as it would require accurate 
tracking of variable contents across reassignments and possibly function 
calls.

My understanding is that this basically would require support for 
tainted variables, i.e. this very old RFC: https://wiki.php.net/rfc/taint

Best regards
Tim Düsterhus
Developer WoltLab GmbH

-- 

WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam

Tel.: +49 331 96784338

duesterhus@woltlab.com
www.woltlab.com

Managing director:
Marcel Werk

AG Potsdam HRB 26795 P