On Thu, Jan 13, 2022 at 10:04 AM Tim Düsterhus, WoltLab GmbH < duester...@woltlab.com> wrote:
> Hi Lynn > > On 1/12/22 9:30 AM, Lynn wrote: > > I was thinking more of a "keep track of the values replaced, and in the > > end purge all those values from the end-result" kinda thing. > > > > Thank you for the clarification. This still is not in scope, because I > believe that to be harmful, as the parameter redaction will be > completely unpredictable. > > Consider a sensitive parameter that is of type '?string', i.e. nullable. > Now with your proposal, whenever 'null' is passed to this parameter, all > 'null's within the stack trace would be hidden, even if they are > completely unrelated. > > Yeah I'm with you 100%, this has more edge cases than I originally thought of. The RFC as it is already improves a lot for me so I'll be glad to see it regardless!
