PHP 8.2: the SensitiveParameter attribute
spO0q
Posted on July 11, 2023
Functions, objects, or some configs can contain credentials and sensitive data. There could be multiple occurrences in your code.
Using the SensitiveParameter attribute will prevent any unwanted disclosure in stack traces (e.g., debug_print_backtrace
), error logs, and, more generally, in fatal errors.
Basic syntax
function hashData(#[\SensitiveParameter] string $password) {}
Instead of the actual value, people will get a SensitiveParameterValue
in debugs and other var_dump
. Behind the scene, it encapsulates the real value in a private value.
The SensitiveParameterValue
class is final and implements a magic method called __debugInfo
to ensure nothing is returned (empty array).
Source: The SensitiveParameter class
Kill a classic vector
Logs and stack traces are classic point of entries for attackers, as it usually bypasses authentication and authorization.
Using this attribute will not make your app bulletproof, but it does add an interesting layer.
Posted on July 11, 2023
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.