DEV Community

spO0q

PHP 8.2: the SensitiveParameter attribute

Functions, objects, or some configs can contain credentials and sensitive data. There could be multiple occurrences in your code.

Marking a parameter with the SensitiveParameter attribute keeps its value out of stack traces (e.g., debug_print_backtrace), error logs, and, more generally, fatal errors.

Basic syntax

function hashData(#[\SensitiveParameter] string $password) {}

Instead of the actual value, people will get a SensitiveParameterValue object in backtraces and in any var_dump of them. Behind the scenes, it encapsulates the real value in a private property.

The SensitiveParameterValue class is final and implements the magic method __debugInfo so that it returns an empty array, which means dumping the object reveals nothing.

Source: The SensitiveParameter class
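
An added example (not code from the original post) showing what the attribute changes in an exception's trace. The login function, the frameArgs helper and the sample values are hypothetical; zend.exception_ignore_args is set to 0 so that frames carry arguments at all.

```php
<?php
declare(strict_types=1);

// php.ini-production enables this setting, which drops all arguments from
// exception traces; turn it off here so the attribute's effect is visible.
ini_set('zend.exception_ignore_args', '0');

// Hypothetical function: $user is a normal parameter, $password is marked.
function login(string $user, #[\SensitiveParameter] string $password): never
{
    throw new RuntimeException("login failed for $user");
}

// Hypothetical helper: argument list of the trace frame for $function.
function frameArgs(Throwable $e, string $function): array
{
    foreach ($e->getTrace() as $frame) {
        if ($frame['function'] === $function) {
            return $frame['args'] ?? [];
        }
    }
    return [];
}

try {
    login('alice', 'constructed-secret-123'); // constructed sample values
} catch (RuntimeException $e) {
    [$user, $password] = frameArgs($e, 'login');

    // The unmarked argument is still captured verbatim in the frame.
    var_dump($user);

    // The marked argument has been swapped for the wrapper object,
    // and __debugInfo keeps the private value out of the dump.
    var_dump($password instanceof SensitiveParameterValue);
    var_dump($password);

    // The rendered trace is what usually lands in error logs:
    // check that the secret does not appear in it, then print it.
    $rendered = $e->getTraceAsString();
    var_dump(str_contains($rendered, 'constructed-secret-123'));
    echo $rendered, PHP_EOL;

    // The wrapper is redaction, not encryption: any code that holds
    // the object can still read the original value with getValue().
    var_dump($password->getValue() === 'constructed-secret-123');
}
```

The attribute only covers the argument captured in the stack frame. A secret interpolated into an exception message or written to a log by the function itself is not redacted.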

Kill a classic vector

Logs and stack traces are classic entry points for attackers, as reading them usually bypasses authentication and authorization.

Using this attribute will not make your app bulletproof, but it does add an interesting layer.

Top comments (1)

spO0q

Also don't forget to encrypt/hash any password you would use, even if you use the SensitiveParameter attribute!
