[xdebug-general] Re: excluding code or variables possible?

From: Werner Flamme <werner.flamme[@]ufz.de>
Date: Mon, 25 Jun 2012 17:24:08 +0200

Maybe you have a place where only one or two programmers work, but
with us, this is not the case. Everyone who is able to do an "echo
'Hi'; " is allowed to code. And not everyone is trustworthy.

As I said in <0M6600C00HY90L00[@]imap.leipzig.ufz.de>, the source code
has restricted access. And we do not want to work around this ;-)

We have another database instance where every developer has his own
namespace, but this is rarely used because it's simpler to work with
the three database instances that belong to the project. And there is
absolutely no need for any developer to get the master password of the
whole system.

It should not matter if the IP range is fixed or not - the project
runs on several production and at least one development server, and
looking at the passwords would take place there - how can I tell? It
does not matter where the user is - the DB server sees the application
server, and thus will deliver anything.

That's why I asked for an xdebug feature for this ;-)

Crocodile [25.06.2012 15:39]:
> Sorry for offtopic, but it's strange that you do not trust your
> own developers. And, in fact, they can do you more harm than just
> stealing database password (which is easy to change, by the way,
> and you also can restrict the access to the database by a list of
> IP addresses).
>
> Developers could also have their own copy of database with
> passwords managed on their own. That's not always possible, I know,
> but in many cases that's an option.
>
> 2012/6/25 Werner Flamme <werner.flamme[@]ufz.de>
>
> Hi,
>
> for a distributed development xdebug seems to be too good :-). It
> looks at every single line of code and at every variable...
>
> In this environment it would be nice, if xdebug would not look at
> some functions and at some variables, because - if it does - every
> developer can see the secret passwords for the database
> connections...
>
> Is there any possibility to tell xdebug *not* to show (or analyse)
> the content of certain functions and/or variables? For security
> reasons, this should be configured on the server side.
>
> Thanks in advance for reading the question :-)

Received on Mon Jun 25 2012 - 16:24:09 BST
