Apply SensitiveParameter attribute

Created on 15 July 2022, over 2 years ago
Updated 16 February 2023, almost 2 years ago

Problem/Motivation

PHP 8.2 provides attribute #[SensitiveParameter] to exclude sensitive data from backtraces

https://wiki.php.net/rfc/redact_parameters_in_back_traces

Proposed resolution

- explore where this attribute could be applied (password and private key arguments)
- discus policy on usage

Remaining tasks

- add the attribute to password argument and its hash (both interface and implementation)
- add it for non-string argument of PrivateKey

User interface changes

no

API changes

no

Data model changes

no

Release notes snippet

TBD

Feature request
Status

Fixed

Version

10.1

Component
Other 

Last updated 1 day ago

Created by

🇫🇷France andypost

Live updates comments and jobs are added and updated live.
  • PHP 8.2

    The issue particularly affects sites running on PHP version 8.2.0 or later.

  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024