Hi Tim, On Mon, Jan 10, 2022 at 3:06 PM Tim Düsterhus, WoltLab GmbH < duester...@woltlab.com> wrote:
> Hi Internals! > > this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th. > > Christoph Becker granted me RFC editing permissions and I've now written > up our proposal as a proper RFC: > > https://wiki.php.net/rfc/redact_parameters_in_back_traces This is a very good addition in my opinion. And as one of the attributes RFC authors I am thrilled about their use here ;-) I believe it wouldn't hurt the RFC to add more words around the fact that stacktraces are often sent to third party services (Exception Tracking software) and as such a redaction of the parameters would be powerful for additional redaction of credit cards, email addresses and other personal data. The example with PDO::__construct is an obvious choice to redact passwords, but application level data is a second source of input that is critical to redact. > > > I recommend also taking a look at my previous email: > > https://externals.io/message/116847 > > It contains some additional context that did not really fit within the > language of a "neutral" RFC that will remain as the permanent record. > > - As indicated within the RFC and my previous email we still need a more > experienced developer for the final implementation, as I have next to no > experience with PHP's implementation. > > Specifically adding this attribute to existing functions is not clear to > me. It is probably required to update the stub parser/generator to add > support for attributes? If someone creates an example implementation for > one function, I'll likely be able to apply this to other functions myself. > - The RFC Impact to Opcache is not clear to me. I don't believe there is > any, but I am not sure. So if someone knows, I'm happy to update that > section. > > Best regards > Tim Düsterhus > Developer WoltLab GmbH > > -- > > WoltLab GmbH > Nedlitzer Str. 27B > 14469 Potsdam > > Tel.: +49 331 96784338 > > duester...@woltlab.com > www.woltlab.com > > Managing director: > Marcel Werk > > AG Potsdam HRB 26795 P > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >
