rfc:redact_parameters_in_back_traces
Differences
This shows you the differences between two versions of the page.
rfc:redact_parameters_in_back_traces [2022/02/01 10:21] – 1.4: Use SensitiveParameterValue as the replacement value timwolla | rfc:redact_parameters_in_back_traces [2022/02/04 10:57] – 1.5: Store the original value timwolla | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: Redacting parameters in back traces ====== | ====== PHP RFC: Redacting parameters in back traces ====== | ||
- | * Version: 1.4 | + | * Version: 1.5 |
* Date: 2022-01-10 | * Date: 2022-01-10 | ||
* Author: Tim Düsterhus, duesterhus@woltlab.com | * Author: Tim Düsterhus, duesterhus@woltlab.com | ||
Line 38: | Line 38: | ||
For this reason, the replacement value will need to violate the type-hint for at least some of the parameters the attribute is applied to. Using a < | For this reason, the replacement value will need to violate the type-hint for at least some of the parameters the attribute is applied to. Using a < | ||
+ | |||
+ | Furthermore the replacement object will store the original value, allowing it to retrieve it on explicit request, while making it hard to accidentally expose it. | ||
+ | |||
+ | The userland equivalent of the < | ||
+ | |||
+ | <PHP> | ||
+ | <?php | ||
+ | |||
+ | final class SensitiveParameterValue | ||
+ | { | ||
+ | public function __construct(private readonly mixed $value) {} | ||
+ | |||
+ | public function getValue(): mixed { return $value; } | ||
+ | |||
+ | /* Hide the value from var_dump(). */ | ||
+ | public function __debugInfo(): | ||
+ | |||
+ | /* Hide the value from serialization. */ | ||
+ | public function __serialize(): | ||
+ | |||
+ | /* Prevent unserialization, | ||
+ | public function __unserialize(array $data): void { | ||
+ | throw new \Exception(' | ||
+ | } | ||
+ | } | ||
+ | </ | ||
==== Examples ==== | ==== Examples ==== | ||
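Review bot: `getValue()` in the added userland `SensitiveParameterValue` class does `return $value;`, which reads an undefined local variable instead of the promoted constructor property, so the sketch as written would not return the stored original. Suggest `return $this->value;`. Since the new paragraph promises the value is hard to expose accidentally, it would also help to state whether any path other than var_dump() and serialization, the two the code comments name, is meant to be covered.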
Line 217: | Line 243: | ||
\assert($testFrame[' | \assert($testFrame[' | ||
\assert($testFrame[' | \assert($testFrame[' | ||
+ | // Explicitly retrieve the original value. | ||
+ | \assert($testFrame[' | ||
\assert($testFrame[' | \assert($testFrame[' | ||
} | } | ||
Line 398: | Line 426: | ||
===== Future Scope ===== | ===== Future Scope ===== | ||
- | * Storing the original value within the replacement value. Care needs to be taken that this does not easily expose the original value, e.g. when serializing. | + | None. |
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
- | Add the < | + | Add the < |
===== Patches and Tests ===== | ===== Patches and Tests ===== | ||
Line 426: | Line 454: | ||
===== Changelog ===== | ===== Changelog ===== | ||
+ | * 1.5: Store the original value. | ||
* 1.4: Use SensitiveParameterValue as the replacement value. | * 1.4: Use SensitiveParameterValue as the replacement value. | ||
* 1.3: " | * 1.3: " |
rfc/redact_parameters_in_back_traces.txt · Last modified: 2022/06/13 09:15 by timwolla