Newsgroups: php.internals
Xref: news.php.net php.internals:116962
Subject: Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces
From: Alexandru Pătrănescu <drealecs@gmail.com>
To: Tim Düsterhus, WoltLab GmbH
Cc: PHP internals
Date: Tue, 1 Feb 2022 08:38:12 +0200
In-Reply-To: <1d272d70-1d78-5bd1-2e11-9f903c755073@woltlab.com>

On Mon, Jan 31, 2022 at 11:55 AM Tim Düsterhus, WoltLab GmbH <duesterhus@woltlab.com> wrote:
> Hi Internals!
>
> On 1/10/22 15:05, Tim Düsterhus, WoltLab GmbH wrote:
> > https://wiki.php.net/rfc/redact_parameters_in_back_traces
>
> At the end of last week I've updated the RFC a little based on the
> questions Derick Rethans asked me for episode #97 of the PHP Internals News
> podcast:
>
> https://phpinternals.news/97
>
> https://github.com/php/php-src/pull/7921
>
> now adds the \SensitiveParameter attribute to PDO::__construct()'s
> $password parameter and to password_hash()'s $password parameter.
>
> I believe I've answered all open questions and I also managed to resolve
> the open issues I listed in my initial email.
>

Hey Tim,

I think storing the original value within the replacement value should be
considered and voted on in this RFC as well, even if implemented in a
separate PR.

I did write some code where I process backtraces programmatically, and
while I might not have used it with sensitive parameters, it would be good
to have the code generic, if this passes.

I'm guessing that mostly means accepting the value as a constructor
parameter and exposing a getValue() method. And, of course, making sure
var_dump/print_r/string-casting does not print it. I mean, it looks like
the implementation is doable.

Thinking about this brings a small issue into plain sight: the attribute
is the same class as the replacing placeholder, \SensitiveParameter. I
believe they should be separate classes, \SensitiveParameter marked as an
Attribute that can be applied to parameters and something like
\SensitiveParameterValue that replaces the original value in stack traces.

Regards,
Alex
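The split Alex proposes above, sketched in userland PHP as an added example (this is not code from the RFC, the linked pull request, or php-src). It keeps the attribute class and the placeholder class separate, gives the placeholder a getValue() accessor, and hides the wrapped value from var_dump()/print_r() via __debugInfo(). The class names follow the message (the attribute keeps the RFC's \SensitiveParameter name, the wrapper takes the suggested \SensitiveParameterValue); they are placed in a `Sketch` namespace so the example does not collide with any engine-provided class of the same name. The redactTrace() helper, the connect() function and the password string are constructed for the example and are assumptions, not part of the proposal.

```php
<?php
declare(strict_types=1);

namespace Sketch;

use ReflectionException;
use ReflectionFunction;
use ReflectionMethod;
use LogicException;

// The attribute: a marker only. It carries no value and is applied to
// parameters, never stored in a trace itself.
#[\Attribute(\Attribute::TARGET_PARAMETER)]
final class SensitiveParameter
{
}

// The placeholder: this is what ends up in the 'args' of a trace frame.
// Name assumed from the message above.
final class SensitiveParameterValue
{
    public function __construct(private readonly mixed $value) {}

    // Explicit accessor for code that processes traces programmatically.
    public function getValue(): mixed
    {
        return $this->value;
    }

    // var_dump() and print_r() consult __debugInfo(); returning no
    // properties keeps the wrapped value out of dumps.
    public function __debugInfo(): array
    {
        return [];
    }

    // No __toString() is defined, so (string) $placeholder throws an Error
    // instead of leaking the value.

    // Refuse serialization so the value cannot leak through serialize().
    public function __serialize(): array
    {
        throw new LogicException('SensitiveParameterValue cannot be serialized');
    }
}

// Walk a debug_backtrace() result and wrap every argument whose parameter
// carries the attribute. A userland stand-in for what the engine would do.
function redactTrace(array $trace): array
{
    foreach ($trace as $i => $frame) {
        if (!isset($frame['args'], $frame['function'])) {
            continue;
        }
        try {
            $rf = isset($frame['class'])
                ? new ReflectionMethod($frame['class'], $frame['function'])
                : new ReflectionFunction($frame['function']);
        } catch (ReflectionException) {
            continue; // closures / internal edge cases: leave the frame alone
        }
        foreach ($rf->getParameters() as $param) {
            $pos = $param->getPosition();
            if ($param->getAttributes(SensitiveParameter::class) !== []
                && array_key_exists($pos, $frame['args'])) {
                $trace[$i]['args'][$pos] = new SensitiveParameterValue($frame['args'][$pos]);
            }
        }
    }
    return $trace;
}

// Constructed example function; frame 0 of the trace is this call.
function connect(string $dsn, #[SensitiveParameter] string $password): array
{
    return redactTrace(debug_backtrace());
}

$trace = connect('mysql:host=localhost', 'hunter2'); // constructed sample input

var_dump($trace[0]['args'][0]);          // the DSN is printed unchanged
var_dump($trace[0]['args'][1]);          // object(Sketch\SensitiveParameterValue) with no properties shown
echo $trace[0]['args'][1]->getValue();   // the original password is still reachable on purpose
```

The point of the split is visible in redactTrace(): the attribute is only ever consulted through reflection on the parameter, while the object that replaces the argument is a different class with its own contract. If one class served both roles, an instance found in a trace could not be told apart from the marker itself, and getValue() would have to exist on an attribute that never holds a value.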