Evening all,
I've prepared an alternative: https://github.com/php/php-src/pull/4282
Hiding the arguments seems sensible enough, not as a hardcoded default
(default behaviour should be retained), but as a documented recommended
default for production.
I think, this needs to go through the RFC
Encrypting logs could potentially impact performance alot. My opinion is that
core dumps and full stack traces should be disabled by default and activated
only when needed to minimize the risk of data leaks. However, logging is
needed. You need to get information about what went wrong.
Maybe
On 17/06/2019 18:10, Erik Lundin wrote:
Background:
The latest version of PHP seems to handle fatal errors as exceptions
which results in stack traces being logged. Stack traces can potentially
contain sensitive information and should not be logged in a production
environment.
Having access
