Hi Benjamin On 1/15/22 7:07 PM, Benjamin Eberlei wrote:
I believe it wouldn't hurt the RFC to add more words around the fact that stacktraces are often sent to third party services (Exception Tracking software) and as such a redaction of the parameters would be powerful for additional redaction of credit cards, email addresses and other personal data. The example with PDO::__construct is an obvious choice to redact passwords, but application level data is a second source of input that is critical to redact.
Thank you for the feedback. I've expanded (and hopefully clarified) the "Introduction" section in version 1.2:
https://wiki.php.net/rfc/redact_parameters_in_back_traces?rev=1642064843&do=diff Best regards Tim Düsterhus Developer WoltLab GmbH -- WoltLab GmbH Nedlitzer Str. 27B 14469 Potsdam Tel.: +49 331 96784338 duester...@woltlab.com www.woltlab.com Managing director: Marcel Werk AG Potsdam HRB 26795 P -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
