Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Security] [Throttling] Hide username and client ip in logs#51434
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.phpShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
e67079c tobe0e24cCompare| { | ||
| if (!$secret) { | ||
| trigger_deprecation('symfony/security-http','6.4','Calling "%s()" with an empty secret is deprecated. A non-empty secret will be mandatory in version 7.0.',__METHOD__); | ||
| // throw new \InvalidArgumentException('A non-empty secret is required.'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This will be for 7.0, but maybe it'll be better to useSymfony\Component\Security\Core\Exception\InvalidArgumentException instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Correct. I changed the line
src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
589e497 toff8a8abComparenicolas-grekas commentedAug 23, 2023
Thank you@Spomky. |
| privatefunctionhash(string$data):string | ||
| { | ||
| returnstrtr(substr(base64_encode(hash_hmac('sha256',$data,$this->secret,true)),0,8),'/+','._'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I came here to check as I was worried I'd have to complain about a massive cache size increase, but I'm happy to see that it was taken into account and this will actually probably even reduce the cache storage requirements. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Honestly, I fell into the trap 😅🤦♂️. But there are people here who are very quick-witted and who paid attention to that 😊. #bestcommunityever 👌
The `secret` parameter has been added in#51434 with a default value of`''` and a deprecation message that it is required / may not be empty.Which is fine and doesn't hurt backwards compatiblity.The later ticket#52469 changes the deprecation into an exception, as itis undesirable that no secret is used (in any scenario). This leads tothe unintended side effect that there is a BC breakage when a developermanually creates a `DefaultLoginRateLimiter` as it is now actuallyrequired to provide a (non empty) value due to the check and exception.Allowing the service / class to be used without providing the secretparameter, in a backwards compatible manner, but then still breaking thebackwards compatibility by throwing due to the default value isconfusing. So making the `secret` required makes more sense from adeveloper perspective as it is clear in that the parameter must beprovided.
…r (RobertMe)This PR was merged into the 6.4 branch.Discussion----------[Security] make secret required for DefaultLoginRateLimiter| Q | A| ------------- | ---| Branch? | 6.4| Bug fix? | yes/no| New feature? | no| Deprecations? | yes/no| Issues || License | MITThis tickets results from the discussion here:#52469 (review) and `@nicolas`-grekas requested a PR for it.The `secret` parameter has been added in#51434 with a default value of `''` and a deprecation message that it is required / may not be empty. Which is fine and doesn't hurt backwards compatibility.The later ticket#52469 changes the deprecation into an exception, as it is undesirable that no secret is used (in any scenario). This leads to the unintended side effect that there is a BC breakage when a developer manually creates a `DefaultLoginRateLimiter` as it is now actually required to provide a (non empty) value due to the check and exception.Allowing the service / class to be used without providing the secret parameter, in a backwards compatible manner, but then still breaking the backwards compatibility by throwing due to the default value is confusing. So making the `secret` required makes more sense from a developer perspective as it is clear in that the parameter must be provided.Commits-------ecbf0e9 [Security] make secret required for DefaultLoginRateLimiter
…kernel.secret% with the rate-limiter (nicolas-grekas)This PR was merged into the 7.1 branch.Discussion----------[SecurityBundle] Use %container.build_hash% instead of %kernel.secret% with the rate-limiter| Q | A| ------------- | ---| Branch? | 7.2| Bug fix? | no| New feature? | no| Deprecations? | no| Issues | -| License | MITIn#51434, we decided to hash the username and the client IP in order to anonymize logs.I propose to use %container.build_hash% instead of %kernel.secret% in order to use %kernel.secret% one less time.%container.build_hash% looks good enough to me, and it doesn't need any external configuration.Related to the discussion happening insymfony/recipes#1314Commits-------574f573 [SecurityBundle] Use %container.build_hash% instead of %kernel.secret% with the rate-limiter
This PR is a proposal for fixing#46362. It appears the username and IP address may be both available in the log or the caching system.
The proposed feature uses the already existing kernel secret to hash the data.