View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001485XdebugRemote Debuggingpublic2017-10-29 20:432017-10-29 20:44
Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
PlatformOSOS Version
Product Version2.5.5 
Target VersionFixed in Version 
Summary0001485: Add option to encrypt remote debugging connection
DescriptionTo my knowledge (and as far as I could dig through the docs) the connection from within the server to the debugging client is not protected and therefor it can be intercepted and misused by third party. One of the methods to eliminate this currently is either use of VPN (as long as the network is private) or use of SSH tunnel. I believe it would be great if xdebug added an option to support transport encryption of the debugging data, possibly symmetric for start.
In the configuration, there would be xdebug.remote_secret = "abcde" and locally it would be passed as parameter when starting to listen for the debug session. If remote_secret is set to something, the secret will then be used to encrypt all the traffic using symmetric algorithm like AES.
In future, the encryption could be based on pre-configured user accounts or generally some transport security could be added in form of TLS.
Operating System
PHP Version7.1.0-7.1.4
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2017-10-29 20:43 hajekj New Issue
2017-10-29 20:44 hajekj Tag Attached: security

Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker