Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:116876 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 68913 invoked from network); 13 Jan 2022 07:55:07 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 13 Jan 2022 07:55:07 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 20E701804A7 for ; Thu, 13 Jan 2022 01:04:33 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS199118 195.10.208.0/24 X-Spam-Virus: No X-Envelope-From: Received: from mout-b-203.mailbox.org (mout-b-203.mailbox.org [195.10.208.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 13 Jan 2022 01:04:32 -0800 (PST) Received: from smtp102.mailbox.org (smtp102.mailbox.org [IPv6:2001:67c:2050:105:465:1:3:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-203.mailbox.org (Postfix) with ESMTPS id 4JZJQk5GrYzQkdx; Thu, 13 Jan 2022 10:04:30 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=woltlab.com; s=MBO0001; t=1642064669; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CR+8SOmd3vl8bmvKhXrNXUL0hwdT9TLJipBWLZ6o5pY=; b=OAE1EU12fR1UC92oTO5ORHhm8PtS1B9u9ncUnM9O62eA5WFXkCTDsK1Ks36/Y4INHaws80 OT1fnXTdi2Ymjm43um24iFlQto7DIoDhtvF8e5/Mh/hNsgwKsQ//myUoygKfhNWkdon59V 0XDJGVjgNnZVQ/hv1SnjTisNQygNyHXJx+OOAgo7xtZb46LNHsO9P3ecGwnZPrEVQDWnUd 9vO1dh8+Sf3/Z/XVBdFKkjys53jxczpxBeGAnv3V0zUpDOf0V8opgNdBF4qBNeDxG3B08l HI+8ggniH+RZodD6joG6bjmxklVI3EpVlSi/xA7XjUJG8E3ERrVx4RTZY3VfsQ== To: Lynn Cc: PHP internals References: <70323155-337c-08c1-47c1-1d11fa6e86f8@woltlab.com> Message-ID: <9a1a0bd7-72e5-d2c2-804f-c153c38d6268@woltlab.com> Date: Thu, 13 Jan 2022 10:04:26 +0100 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces From: duesterhus@woltlab.com (=?UTF-8?Q?Tim_D=c3=bcsterhus=2c_WoltLab_GmbH?=) Hi Lynn On 1/12/22 9:30 AM, Lynn wrote: > I was thinking more of a "keep track of the values replaced, and in the > end purge all those values from the end-result" kinda thing. > Thank you for the clarification. This still is not in scope, because I believe that to be harmful, as the parameter redaction will be completely unpredictable. Consider a sensitive parameter that is of type '?string', i.e. nullable. Now with your proposal, whenever 'null' is passed to this parameter, all 'null's within the stack trace would be hidden, even if they are completely unrelated. Best regards Tim Düsterhus Developer WoltLab GmbH -- WoltLab GmbH Nedlitzer Str. 27B 14469 Potsdam Tel.: +49 331 96784338 duesterhus@woltlab.com www.woltlab.com Managing director: Marcel Werk AG Potsdam HRB 26795 P