Closed peterjaap closed 1 month ago
This is how i usually log a trace
/**
* Make the log entry single pipe separated line
* Remove full path from trace for easier reading
* BP defined at app/autoload.php
*/
$traceString = str_replace(PHP_EOL, '|', (new \Exception)->getTraceAsString());
$traceString = '|' . str_replace(BP . '/', '', $traceString);
there is also Magento\Framework\Debug::backtrace
Thanks @mpchadwick all these years and this passed me by 😄
I think it would be cool if we had flags like
That way the process for securing your site can be
php bin/magento gene:encryption-key-manager:generate
bin/magento gene:encryption-key-manager:reencrypt-column admin_user user_id rp_token
etc with every tableOnly log legacy encrypted values
flag. If you get a log hit, you know you've missed something and you have a target to address. If you don't get any log hits for however long you know you're happy to proceed to the next step which isphp bin/magento gene:encryption-key-manager:invalidate
I really think this moves the "logging" aspect up the priority, as it will allow us assuredness that we've targeted everything before we make the all too critical "invalidation" step.
Log the locations where the value was found (stack trace / location)?
And then let it run for a week or so, and we should have a pretty comprehensive list of all encrypted values.
With toggle.