The SensitiveParameterValue class

(PHP 8 >= 8.2.0)

Introduction

The SensitiveParameterValue class allows wrapping sensitive values to protect them against accidental exposure.

Values of parameters having the SensitiveParameter attribute will automatically be wrapped inside of a SensitiveParameterValue object within stack traces.

Class synopsis

final class SensitiveParameterValue {

/* Properties */

private readonly mixed $value;

/* Methods */

public __construct(mixed $value)

public __debugInfo(): array

public getValue(): mixed

}

Properties

value: The sensitive value to be protected against accidental exposure.

SensitiveParameterValue::__construct — Constructs a new SensitiveParameterValue object
SensitiveParameterValue::__debugInfo — Protects the sensitive value against accidental exposure
SensitiveParameterValue::getValue — Returns the sensitive value

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

＋add a note

User Contributed Notes 1 note

down

fossalta at xs4all dot nl ¶

1 day ago

While this class protects against accidental echo and/or var_dump, it does NOT protect against some other php functions:

<?php
$value = new SensitiveParameterValue('MyPassword');

var_dump($value); // Safe

echo $value; // PHP error: could not be converted to string

var_dump(get_mangled_object_vars($value)); // Password exposed!!!
?>