Hide sensitive information with SensitiveParameter attribute
#46183
Conversation
SensitiveParameter attributeSensitiveParameter attribute
| 6.2 | ||
| --- | ||
|
|
||
| * Hide sensitive information from stack traces with `SensitiveParameter` attribute |
There was a problem hiding this comment.
Added the info to the changelog for discoverability.
There was a problem hiding this comment.
I think we need to be more precise about "Hide". It's "only" for back traces.
| @@ -29,12 +29,12 @@ interface PasswordHasherInterface | |||
| * | |||
| * @throws InvalidPasswordException When the plain password is invalid, e.g. excessively long | |||
| */ | |||
| public function hash(string $plainPassword): string; | |||
| public function hash(#[\SensitiveParameter] string $plainPassword): string; | |||
There was a problem hiding this comment.
The attribute has no effect on the interface, but is a remainder for implementers.
SensitiveParameter attributeSensitiveParameter attribute
|
Just saying: in the PHP repository there was an issue about making this See php/php-src#8381 |
|
@javiereguiluz we should expose the |
|
I don't know. It was just a "maybe we should think about this" comment. Imagine a bug where you mistyped some chars in your password. But is that common? |
|
Can you take a look at the rest of the codebase where this could be useful? I think it's fine do it once for all, everywhere plain credentials are passed around (#46853 mentions some relevant places btw) |
|
RFC author here 👋
I recommend not just looking at credentials, but also stuff like plaintext values that are passed into an encryption component to be encrypted. I'm not a Symfony user, but an example would likely be My php-src PR that adds the attribute is this one: php/php-src#8352, it might be a good reference. |
36389dc to
64609b9
Compare
64609b9 to
a57746d
Compare
|
I added the attribute on every parameter that looks like a secret. Notes:
|
SensitiveParameter attributeSensitiveParameter attribute
That's ok as long as we manage to reveal the sensitive values in debugging contexts such as the webprofiler, right?
Fine to me as well, as they might do at some point or be extended. |
| 6.2 | ||
| --- | ||
|
|
||
| * Hide sensitive information from stack traces with `SensitiveParameter` attribute |
There was a problem hiding this comment.
I think we need to be more precise about "Hide". It's "only" for back traces.
|
Thank you @GromNaN. |
b13a5e4 to
7dcc4ac
Compare
This PR was merged into the 6.2 branch. Discussion ---------- Add more #[\SensitiveParameter] | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Follow-up to #46183 Commits ------- 8ad9642 Add more #[\SensitiveParameter]
This PR was merged into the 6.3 branch. Discussion ---------- Add #[\SensitiveParameter] to $sessionId | Q | A | ------------- | --- | Branch? | 6.3 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Follow-up to #48274 and #46183 Commits ------- 32c9f28 Add #[\SensitiveParameter] to $sessionId
New feature for PHP 8.2: Redact parameters in back traces
This could be a "minor" change, but I think it should be highlighted to be fully functional. The annotation is required in all calling functions otherwise the argument value is displayed.