Re: [RFC] [Discussion] Change default for zend.exception_ignore_args INI setting

From:	Larry Garfield	Date:	Thu, 10 Apr 2025 19:10:40 +0000
Subject:	Re: [RFC] [Discussion] Change default for zend.exception_ignore_args INI setting
References:	1 2 3	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On Thu, Apr 10, 2025, at 1:53 PM, Bob Weinand wrote:

>> I'd rather see the value in php.ini-production being changed to 
>> Off to match the built-in default. see 
>> https://github.com/php/php-src/pull/18215#issuecomment-2768618516
>
>
> Full agreement with Tim here - make PHP friendly to development.
>
> There are only few places where secrets would be actually relevant, and 
> those can be covered by #[SensitiveParameter].

I tend to agree as well.  #[SensitiveParameter] is the better solution in the 95% case.  If there
are libraries still not using it (as the RFC suggests), those should have bugs (or preferably
patches) filed against them.

The great thing about attributes is they're intrinsically backward compatible, so there's
no meaningful cost to adding/patching liberally.

--Larry Garfield


   

Thread (12 messages)

• Andrew LyonsWed, 09 Apr 2025 02:00:04 +0000
  • Tim DüsterhusThu, 10 Apr 2025 15:19:57 +0000
    • Bob WeinandThu, 10 Apr 2025 18:53:24 +0000
      • Larry GarfieldThu, 10 Apr 2025 19:10:40 +0000
        • Kamil TekielaThu, 10 Apr 2025 20:03:24 +0000
          • Andrew LyonsFri, 11 Apr 2025 03:15:39 +0000
            • Kamil TekielaFri, 11 Apr 2025 11:11:46 +0000
        • Andrew LyonsFri, 11 Apr 2025 03:14:00 +0000
    • Andrew LyonsFri, 11 Apr 2025 01:10:11 +0000
  • Rowan Tommins [IMSoP]Sun, 13 Apr 2025 11:53:58 +0000
    • Kamil TekielaSun, 13 Apr 2025 14:07:46 +0000
      • Rowan Tommins [IMSoP]Sun, 13 Apr 2025 14:37:31 +0000