diff --git a/README.md b/README.md index 5d59145..4fa474d 100644 --- a/README.md +++ b/README.md @@ -8,23 +8,23 @@ It is meant to be very easy to use. If you have any experience with trying to sa In order to use it, you just need to feed your sensitive data (passwords, tokens, credentials) to `Fuko\Masked\Protect` ```php - use Fuko\Masked\Protect; +use Fuko\Masked\Protect; - Protect::hideValue($secret_key); // hide the value inside the $secret_key var - Protect::hideInput('password', INPUT_POST); // hide the value of $_POST['password'] +Protect::hideValue($secret_key); // hide the value inside the $secret_key var +Protect::hideInput('password', INPUT_POST); // hide the value of $_POST['password'] - $redacted = Protect::protect($_POST); +$redacted = Protect::protect($_POST); ``` ...and that's it. The blacklisted values and inputs will be masked. The output of the above code is going to be ```php - // consider these values for the vars used - // $secret_key = '12345678'; - // $_POST = array('username' => 'Bob', 'password' => 'WaldoPepper!', 'messages' => 'The secret key is 12345678'); +// consider these values for the vars used +// $secret_key = '12345678'; +// $_POST = array('username' => 'Bob', 'password' => 'WaldoPepper!', 'messages' => 'The secret key is 12345678'); - $redacted = Protect::protect($_POST); - print_r($redacted); +$redacted = Protect::protect($_POST); +print_r($redacted); ``` ``` Array @@ -48,72 +48,72 @@ By doing the above, you are going to have redacted content with all the sensitiv You know where your passwords and credentials are, and you want to blacklist them in any dumps you create. Here's how you would do it: ```php - use \Fuko\Masked\Protect; - - // consider these values inside $config - // $config = array( - // 'project_title' => 'My New Project!', - // 'mysql_username' => 'me', - // 'mysql_password' => 'Mlyk!', - // 'mysql_database' => 'project', - // 'root' => '/var/www/niakade/na/majnata/si', - // 'i.am.stupid' => 'Mlyk! e egati parolata za moya project', - // ); - - Protect::hideValue($config['mysql_username']); - Protect::hideValue($config['mysql_password']); - Protect::hideValue($config['mysql_database']); - - print_r(Protect::protect($config)); - /* ... and the output is - Array - ( - [project_title] => My New Project! - [mysql_username] => ██ - [mysql_password] => █████ - [mysql_database] => ███████ - [root] => /var/www/niakade/na/majnata/si - [i.am.stupid] => █████ e egati parolata za moya ███████ - ) - */ +use \Fuko\Masked\Protect; + +// consider these values inside $config +// $config = array( +// 'project_title' => 'My New Project!', +// 'mysql_username' => 'me', +// 'mysql_password' => 'Mlyk!', +// 'mysql_database' => 'project', +// 'root' => '/var/www/niakade/na/majnata/si', +// 'i.am.stupid' => 'Mlyk! e egati parolata za moya project', +// ); + +Protect::hideValue($config['mysql_username']); +Protect::hideValue($config['mysql_password']); +Protect::hideValue($config['mysql_database']); + +print_r(Protect::protect($config)); +/* ... and the output is +Array +( + [project_title] => My New Project! + [mysql_username] => ██ + [mysql_password] => █████ + [mysql_database] => ███████ + [root] => /var/www/niakade/na/majnata/si + [i.am.stupid] => █████ e egati parolata za moya ███████ +) +*/ ``` At some occasions you know that user-submitted data or other super-global inputs might contain sensitive data. In these cases you do not need to hide the actual value, but you can address the input array instead. In this example we are going to mask the "password" POST value: ```php - use \Fuko\Masked\Protect; - - Protect::hideInput('password', INPUT_POST); - - // later you need to do a dump of $_POST and ... - $_POST_redacted = Protect::protect($_POST); - /* ... and the output is - Array - ( - [email] => Bob@sundance.org - [password] => ███████ - ) - */ +use \Fuko\Masked\Protect; + +Protect::hideInput('password', INPUT_POST); + +// later you need to do a dump of $_POST and ... +$_POST_redacted = Protect::protect($_POST); +/* ... and the output is +Array +( + [email] => Bob@sundance.kid + [password] => ███████ +) +*/ ``` ## Different Masking You can use `\Fuko\Masked\Redact` in your project as the library for masking data. By default the class uses `\Fuko\Masked\Redact::disguise()` method for masking, with default settings that masks everything and that uses `█` as masking symbol. Here's how you can change its behaviour: ```php - use \Fuko\Masked\Redact; +use \Fuko\Masked\Redact; - /* leave 4 chars unmasked at the end, and use '*' as masking symbol */ - Redact::setRedactCallback( [Redact::class, 'disguise'], [4, '*']); - echo Redact::redact('1234567890'); // Output is '******7890' +/* leave 4 chars unmasked at the end, and use '*' as masking symbol */ +Redact::setRedactCallback( [Redact::class, 'disguise'], [4, '*']); +echo Redact::redact('1234567890'); // Output is '******7890' - /* leave 4 chars unmasked at the beginning, and use '🤐' as masking symbol */ - Redact::setRedactCallback( [Redact::class, 'disguise'], [-4, '🤐']); - echo Redact::redact('1234567890'); // Output is '1234🤐🤐🤐🤐🤐🤐' +/* leave 4 chars unmasked at the beginning, and use '🤐' as masking symbol */ +Redact::setRedactCallback( [Redact::class, 'disguise'], [-4, '🤐']); +echo Redact::redact('1234567890'); // Output is '1234🤐🤐🤐🤐🤐🤐' ``` You can set your own callback for masking with `\Fuko\Masked\Redact` class: ```php - use \Fuko\Masked\Redact; +use \Fuko\Masked\Redact; - Redact::setRedactCallback( function($var) { return '💩'; } ); - echo Redact::redact('1234567890'); // Output is '💩' +Redact::setRedactCallback( function($var) { return '💩'; } ); +echo Redact::redact('1234567890'); // Output is '💩' ```