Hello, I would like to make a proposal for Opaque and Ciphered objects. Both are related to securing sensitive data such as passwords and keys while you need to manipulate them in your code.
The need for Opaque Objects comes from securing sensitive data while they are in clear in your system. Instead of manipulating passwords as strings, we manipulate them through an Opaque object that can't leak its contents through var_dump/var_export, trace dumping or serialization. The only way of leaking the protected data would be by calling a `disclose()` method. As the serialization feature would be blocked by Opaque Objects alone, the Ciphered Objects and encrypt/decrypt functionalities are added to keep a safe way of serialization of those sensitive data. I have a specification I use as an ADR in some of my projects currently in production that I would be happy to use as a PSR draft. Would such proposal interest people from the FIG to transform it to a PSR? Grégory -- You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/3309a547-ded6-4e21-b5db-63937e4178d2n%40googlegroups.com.
