On Mon, Jan 10, 2022 at 9:37 PM Michael Morris <tendo...@gmail.com> wrote:
> > If someone can inject a debug_backtrace into your code and get it executed > you have bigger problems than a parameter being exposed. And if you > configure your prod servers to be all chatty Kathy to the world on error, > you need to learn how to do better. A change to the language is not in > order here. > These things can also be logged as well. This isn't a security concern only in the sense of the backtrace being displayed on a webpage output or something. There are legal requirements in many jurisdictions about how data can be retained and where. It is entirely possible that something could be accidentally logged that would inadvertently violate a local regulation for handling of customer data. Jordan
