Hi Dan
On 2/7/22 17:36, Dan Ackroyd wrote:
So basically all the other languages I researched do not provide
arguments within back traces.
Uh, that kind of suggests that providing arguments at all is a
mistake, and that removing could be the way to go. I mean other than
everyone complaining abo
On Tue, 11 Jan 2022 at 09:11, Tim Düsterhus, WoltLab GmbH
wrote:
>
> So basically all the other languages I researched do not provide
> arguments within back traces.
Uh, that kind of suggests that providing arguments at all is a
mistake, and that removing could be the way to go. I mean other than
Hi Internals!
On 1/31/22 10:54, Tim Düsterhus, WoltLab GmbH wrote:
I plan to open voting on Wednesday, February, 2nd. Voting will run 2
weeks, 2/3 majority with the concept being voted on as explained in the
"Proposed Voting Choice" section:
https://wiki.php.net/rfc/redact_parameters_in_back_tra
Hi Alex
On 2/1/22 07:38, Alexandru Pătrănescu wrote:
I think storing the original value within the replacement value should be
considered and voted in this RFC as well, even if implemented in a separate
PR.
I did write some code where I process programmatically the backtraces and
while I might n
On Mon, Jan 31, 2022 at 11:55 AM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Internals!
>
> On 1/10/22 15:05, Tim Düsterhus, WoltLab GmbH wrote:
> > https://wiki.php.net/rfc/redact_parameters_in_back_traces
> At the end of last week I've updated the RFC a little based on the
Hi Internals!
On 1/10/22 15:05, Tim Düsterhus, WoltLab GmbH wrote:
https://wiki.php.net/rfc/redact_parameters_in_back_traces
At the end of last week I've updated the RFC a little based on the
questions Derick Rethans asked me for episode #97 of PHP Internals News
podcast:
https://phpinternals
Hi Benjamin
On 1/15/22 7:07 PM, Benjamin Eberlei wrote:
I believe it wouldn't hurt the RFC to add more words around the fact that
stacktraces are often sent to third party services (Exception Tracking
software) and as such a redaction of the parameters would be powerful for
additional redaction
Hi Tim,
On Mon, Jan 10, 2022 at 3:06 PM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Internals!
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> Christoph Becker granted me RFC editing permissions and I've now written
> up our proposal as a p
On Thu, Jan 13, 2022 at 10:04 AM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Lynn
>
> On 1/12/22 9:30 AM, Lynn wrote:
> > I was thinking more of a "keep track of the values replaced, and in the
> > end purge all those values from the end-result" kinda thing.
> >
>
> Thank y
Hi Lynn
On 1/12/22 9:30 AM, Lynn wrote:
I was thinking more of a "keep track of the values replaced, and in the
end purge all those values from the end-result" kinda thing.
Thank you for the clarification. This still is not in scope, because I
believe that to be harmful, as the parameter r
On Wed, Jan 12, 2022 at 9:17 AM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Lynn
>
> On 1/11/22 11:23 AM, Lynn wrote:
> > One possible addition; would it be possible to analyze the masked values
> > and mask any 100% matches elsewhere?
>
> No, this is not in scope for this RF
Hi Lynn
On 1/11/22 11:23 AM, Lynn wrote:
One possible addition; would it be possible to analyze the masked values
and mask any 100% matches elsewhere?
No, this is not in scope for this RFC, as it would require accurate
tracking of variable contents across reassignments and possibly function
Hi Tim,
On Tue, Jan 11, 2022 at 4:40 PM Tim Düsterhus, WoltLab GmbH
wrote:
>
> Hi Pierre
>
> On 1/11/22 4:48 AM, Pierre Joye wrote:
> > Also sensitive data goes way beyond arguments, GDPR brings a lot of
> > issues here too. Userland packages like monolog provide filters or
> > custom output, I t
On Mon, Jan 10, 2022 at 3:05 PM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Internals!
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> Christoph Becker granted me RFC editing permissions and I've now written
> up our proposal as a proper RFC
Hi Pierre
On 1/11/22 4:48 AM, Pierre Joye wrote:
Also sensitive data goes way beyond arguments, GDPR brings a lot of
issues here too. Userland packages like monolog provide filters or
custom output, I think that is where it should be handled.
I believe that the author of a function is in the b
Hi Alex
On 1/11/22 4:10 AM, Alexandru Pătrănescu wrote:
As the trace in the exception is in the same format as the one generated
by debug_backtrace(),
do you intend to have the changes affecting debug_backtrace()
and debug_print_backtrace()?
My proof of concept patch adjusts the internal
'deb
Hi Dan
On 1/10/22 6:01 PM, Dan Ackroyd wrote:
How do other languages handle this problem? Or how do they avoid it in
the first place?
Ryan already replied here, but I've also researched this:
- Java is unable to provide parameters in stack traces.
- In C you generally have a core dump which c
On Mon, Jan 10, 2022 at 9:37 PM Michael Morris wrote:
>
> If someone can inject a debug_backtrace into your code and get it executed
> you have bigger problems than a parameter being exposed. And if you
> configure your prod servers to be all chatty Kathy to the world on error,
> you need to lear
On Mon, Jan 10, 2022 at 8:05 AM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Internals!
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> Christoph Becker granted me RFC editing permissions and I've now written
> up our proposal as a proper RFC
Good morning Tim,
On Mon, Jan 10, 2022 at 9:06 PM Tim Düsterhus, WoltLab GmbH
wrote:
I am not sure it makes sense to make the code so verbose to prevent
users from showing sensitive data as it never stops (next
print_r/var_dump and userland version of them?).
Also sensitive data goes way beyond
On Mon, Jan 10, 2022 at 4:05 PM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Internals!
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> Christoph Becker granted me RFC editing permissions and I've now written
> up our proposal as a proper RFC
Answering the question: How do other languages handle this problem? Or how
do they avoid it in
the first place?
Python basically doesn't handle the problem at all and offers this advice: Be
sure to delete all debugging related code before code delivery!
See section [9.2.1 production code cannot c
Hi Tim,
On Mon, 10 Jan 2022 at 14:05, Tim Düsterhus, WoltLab GmbH
wrote:
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> https://wiki.php.net/rfc/redact_parameters_in_back_traces
>
How do other languages handle this problem? Or how do they avoid it in
the first
Hi Internals!
this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
Christoph Becker granted me RFC editing permissions and I've now written
up our proposal as a proper RFC:
https://wiki.php.net/rfc/redact_parameters_in_back_traces
I recommend also taking a look at my pr