Re: [PHP-DEV] RFC [Discussion]: Redacting parameters in back traces

Mon, 31 Jan 2022 01:55:10 -0800 

Hi Internals!

On 1/10/22 15:05, Tim Düsterhus, WoltLab GmbH wrote:

https://wiki.php.net/rfc/redact_parameters_in_back_traces
At the end of last week I've updated the RFC a little based on the questions Derick Rethan asked me for episode #97 of PHP Internals News podcast: 

https://phpinternals.news/97


- As indicated within the RFC and my previous email we still need a more
experienced developer for the final implementation, as I have next to no
experience with PHP's implementation.

Specifically adding this attribute to existing functions is not clear to
me. It is probably required to update the stub parser/generator to add
support for attributes? If someone creates an example implementation for
one function, I'll likely be able to apply this to other functions myself.


I also managed to figure this out. The proof of concept implementation at

https://github.com/php/php-src/pull/7921


now adds the \SensitiveParameter attribute to PDO::__construct()'s 
$password parameter and to password_hash()'s $password parameter.



- The RFC Impact to Opcache is not clear to me. I don't believe there is
any, but I am not sure. So if someone knows, I'm happy to update that
section.


For this I got a confirmation in private that Opcache will not be affected.

-


I believe I've answered all open questions and I also managed to resolve 
the open issues I listed in my initial email.



As more than two weeks have passed since I started this discussion 
thread and as the discussion appears to have died down by now I'd like 
to start the vote on this RFC.



I plan to open voting on Wednesday, February, 2nd. Voting will run 2 
weeks, 2/3 majority with the concept being voted on as explained in the 
"Proposed Voting Choice" section: 
https://wiki.php.net/rfc/redact_parameters_in_back_traces#proposed_voting_choices



This being my first RFC, please let me know if I missed something with 
regard to the procedure!


Best regards
Tim Düsterhus
Developer WoltLab GmbH

--

WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam

Tel.: +49 331 96784338

duester...@woltlab.com
www.woltlab.com

Managing director:
Marcel Werk

AG Potsdam HRB 26795 P

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
























					Reply via email to