Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:116881 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 12575 invoked from network); 15 Jan 2022 16:57:32 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 15 Jan 2022 16:57:32 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 52F5A1804B4 for ; Sat, 15 Jan 2022 10:07:32 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 15 Jan 2022 10:07:31 -0800 (PST) Received: by mail-wm1-f51.google.com with SMTP id p18so12175007wmg.4 for ; Sat, 15 Jan 2022 10:07:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=beberlei-de.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SuwUx+syfDAgH584L5qknsZRwu5WRoORgQvZQILAVpY=; b=bCMjj7Nu0aRx9cAcmVwB2NCn7vh4er3YpN5m6OckZnkPw+Th665xURV8cUsiAKHk93 3+RuBoL6vN0veINPKtKSRNK8ro5oCFfUCRFwlb6Aa1AJRQHYFiC3fEEb+0YGqE2490KP ax30Xj/a3NcbNHCmoKhDCKyZHb6itNvIDYt/NULwiGC52AMc+gstOwOKl+dj2/j4eOzy o2GlVY5QUloOhFnSSRRCSiBJPumOzEWK8sG1Mk3ho1c/bdH6nIcDPVCBlYsEAEwHaEIE x/sE8XLuRT7zYGXHt4CS/gF6tZdL1dQzgK3ei2MBP9IW5PdurldUIoNKcMTAUp/NPO75 FtyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SuwUx+syfDAgH584L5qknsZRwu5WRoORgQvZQILAVpY=; b=4KoR+ivzIaoTR6M6lPwcJt3+firlSxFNOIuN8GUyWfU/y9K9sdkD8R2dJ4+t0fOzof nK6Sv4dPIyO1+iTY446zFGIntVq+g+m9smoOUXkeMiQZhwJTdi6JsHmtKRJlsScxZ1dP hkWYMLqPSCSWqgILX3pKyxNq65XnUqOZ5eemTK2Wv5oUlVYBi/hjbU/RzBy3jkPm/wHQ p0Wftne1D0aLJ8T/36pqFUIwmGctk72keNjaMeOKDlUAi8qRwnljRNSw/GXQ7UCK7edN 5ZrXu3wyuXQDv4t8kEtcMYxWKq/wVbuuOKu7Tl5ebp5DVd3JmjHlNjbba9TH8Vor4J5a hGHQ== X-Gm-Message-State: AOAM531XT/9+JUbwTttaNQa3CjSiwvpi+AWRoLwJY0dhKxFK1N3VyzBM rECpKIQjxFrsouWGCJiJf+EivVyG9eepNTaL0ZMf1A== X-Google-Smtp-Source: ABdhPJymOCPDHU7wOY+luMs9DCooJBiJg8kaIKI//t+p1+9wrkGOvSQfXX09alGZlo1pRbSVh1zXyf966ja4ZdaL2kk= X-Received: by 2002:a5d:488a:: with SMTP id g10mr12860756wrq.653.1642270049518; Sat, 15 Jan 2022 10:07:29 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Sat, 15 Jan 2022 19:07:17 +0100 Message-ID: To: =?UTF-8?Q?Tim_D=C3=BCsterhus=2C_WoltLab_GmbH?= Cc: PHP internals Content-Type: multipart/alternative; boundary="000000000000ed5c0f05d5a2ca5f" Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces From: kontakt@beberlei.de (Benjamin Eberlei) --000000000000ed5c0f05d5a2ca5f Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Tim, On Mon, Jan 10, 2022 at 3:06 PM Tim D=C3=BCsterhus, WoltLab GmbH < duesterhus@woltlab.com> wrote: > Hi Internals! > > this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th= . > > Christoph Becker granted me RFC editing permissions and I've now written > up our proposal as a proper RFC: > > https://wiki.php.net/rfc/redact_parameters_in_back_traces This is a very good addition in my opinion. And as one of the attributes RFC authors I am thrilled about their use here ;-) I believe it wouldn't hurt the RFC to add more words around the fact that stacktraces are often sent to third party services (Exception Tracking software) and as such a redaction of the parameters would be powerful for additional redaction of credit cards, email addresses and other personal data. The example with PDO::__construct is an obvious choice to redact passwords, but application level data is a second source of input that is critical to redact. > > > I recommend also taking a look at my previous email: > > https://externals.io/message/116847 > > It contains some additional context that did not really fit within the > language of a "neutral" RFC that will remain as the permanent record. > > - As indicated within the RFC and my previous email we still need a more > experienced developer for the final implementation, as I have next to no > experience with PHP's implementation. > > Specifically adding this attribute to existing functions is not clear to > me. It is probably required to update the stub parser/generator to add > support for attributes? If someone creates an example implementation for > one function, I'll likely be able to apply this to other functions myself= . > - The RFC Impact to Opcache is not clear to me. I don't believe there is > any, but I am not sure. So if someone knows, I'm happy to update that > section. > > Best regards > Tim D=C3=BCsterhus > Developer WoltLab GmbH > > -- > > WoltLab GmbH > Nedlitzer Str. 27B > 14469 Potsdam > > Tel.: +49 331 96784338 > > duesterhus@woltlab.com > www.woltlab.com > > Managing director: > Marcel Werk > > AG Potsdam HRB 26795 P > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > > --000000000000ed5c0f05d5a2ca5f--