Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:116877
Return-Path: <kjarli@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 71057 invoked from network); 13 Jan 2022 08:14:41 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 13 Jan 2022 08:14:41 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 638B21804A8
	for <internals@lists.php.net>; Thu, 13 Jan 2022 01:24:07 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <kjarli@gmail.com>
Received: from mail-io1-f53.google.com (mail-io1-f53.google.com [209.85.166.53])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu, 13 Jan 2022 01:24:07 -0800 (PST)
Received: by mail-io1-f53.google.com with SMTP id v1so7564040ioj.10
        for <internals@lists.php.net>; Thu, 13 Jan 2022 01:24:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=NCoqGaOi4bJ/ZUrwJgD+5vH1ZI9gmR8lGhfLGKDuSCg=;
        b=ROwluMK+fkJM4eczn3I/hw5q8L9Ph18+q1YThJXtc3WEd61sYnfse+aduwf6lAiDkL
         IApiKQ22dsMCN69Mt/x+mjNUZpxt+OHjPEUgARHIgEv4eyooMu+b/Nd/25cW5tDpQOTo
         IG8yGn8wLs5UDCjNm8vsV+HIBbeKjwp4P/+vsElyzDt+CsWvubgJaZVKv8FXijbPKs3U
         pMZyeZ72mytoUxd+xxsPkl4vNy9dV7fSmN/NJ5J9nR9hLGI7gFsv19wKUwHU2B8/pcY5
         oDrbjDGj5sYME4CgdGqooKAdEcuSAJeWCK/83d5d2MiHncx1Ta73teecN7e3eJ+9SiSV
         spHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=NCoqGaOi4bJ/ZUrwJgD+5vH1ZI9gmR8lGhfLGKDuSCg=;
        b=fvaLtzQ6HpWNrksJXKihelnAa8IjzzyS0Rn6wA29YflqSGTJyKxPGRc7IyAI18egwD
         3tsXAwNOXVhJCpMf/Azy+UMoAw/iIYRfNk8qt+UFp7rG7P6m4r6YlGCZb0N3PwimaZe9
         iTCWmd/YpAjBYxmas8q6jpyqYFRaZcemsR7G+ttwk77oG26WN8kqM9h6B4WWPnFlOxnn
         ZY/qT6lJHByR8gmHPdkaWmMsjwE7rVqDib1n5eewhXeGOPnX5MUpAAi+hBN/tlWOSLU4
         WvzuwBKk25hvVQ+iXodPBKrVEp03TsWtVwz4ZBLxyg8oU3Kdg5YGCs5gc3po1ysbq0J1
         PPLQ==
X-Gm-Message-State: AOAM531kMmpEFxOC6AmahwiIP+UPUjJiSl3sd3aVqbMDOOIc4yqZhRzU
	HdH3KVmRHmGlbi5tiDNuzJGnQlHZl31OjZV/z4LHaRC7
X-Google-Smtp-Source: ABdhPJyiiEfFVTzep/2u/IpHBJ1M7mnrxcQsAu4yWEE9giuTQ5Mwkuwo7mc8pXtaAejLds36K52ozRLQ30Ji3LUTzpc=
X-Received: by 2002:a02:c943:: with SMTP id u3mr1613291jao.11.1642065846043;
 Thu, 13 Jan 2022 01:24:06 -0800 (PST)
MIME-Version: 1.0
References: <ded42b3e-3149-1192-0f86-07715fcb7a3e@woltlab.com>
 <CANS-=pfqDBtfOtbfFWHzB_8eStBWQN5vTDGFe=ehG8B6j3axyw@mail.gmail.com>
 <70323155-337c-08c1-47c1-1d11fa6e86f8@woltlab.com> <CANS-=pe01is8HMm-FZVJdTGPq7X_jZnn6dJ-yEO1=+tOUwy5BQ@mail.gmail.com>
 <9a1a0bd7-72e5-d2c2-804f-c153c38d6268@woltlab.com>
In-Reply-To: <9a1a0bd7-72e5-d2c2-804f-c153c38d6268@woltlab.com>
Date: Thu, 13 Jan 2022 10:23:40 +0100
Message-ID: <CANS-=pdu8OQwBgfEb8_DkQWcHkbuc2YbBbSg8q8-8GBbDbngGA@mail.gmail.com>
To: =?UTF-8?Q?Tim_D=C3=BCsterhus=2C_WoltLab_GmbH?= <duesterhus@woltlab.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000738bbe05d5733f2d"
Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces
From: kjarli@gmail.com (Lynn)

--000000000000738bbe05d5733f2d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Jan 13, 2022 at 10:04 AM Tim D=C3=BCsterhus, WoltLab GmbH <
duesterhus@woltlab.com> wrote:

> Hi Lynn
>
> On 1/12/22 9:30 AM, Lynn wrote:
> >   I was thinking more of a "keep track of the values replaced, and in t=
he
> > end purge all those values from the end-result" kinda thing.
> >
>
> Thank you for the clarification. This still is not in scope, because I
> believe that to be harmful, as the parameter redaction will be
> completely unpredictable.
>
> Consider a sensitive parameter that is of type '?string', i.e. nullable.
> Now with your proposal, whenever 'null' is passed to this parameter, all
> 'null's within the stack trace would be hidden, even if they are
> completely unrelated.
>
>
Yeah I'm with you 100%, this has more edge cases than I originally thought
of. The RFC as it is already improves a lot for me so I'll be glad to see
it regardless!

--000000000000738bbe05d5733f2d--