Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#26436 closed Cleanup/optimization (fixed)

Error Reporting Howto should link to the sensitive keywords in the settings files

Reported by: Mike Lissner
Owned by: Tim Graham
Component: Documentation
Version: dev
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description

In the Error Reporting Howto, there's a section on "Filtering sensitive information" (https://docs.djangoproject.com/en/dev/howto/error-reporting/#filtering-sensitive-information), which describes how to use the @sensitive_variables decorator.

The other place where variables leak is from the settings file, which has filtering of its own that hides any variable with a name matching:

HIDDEN_SETTINGS = re.compile('API|TOKEN|KEY|SECRET|PASS|SIGNATURE', flags=re.IGNORECASE)

This is documented on the settings page (https://docs.djangoproject.com/en/1.7/ref/settings/#debug).

The howto should link to the settings page. I would make this change myself, but I can't figure out the RST formatting.

A simple change would be to make the second paragraph of the Filtering section say something like:

However, sometimes certain types of information may be too sensitive and thus
may not be appropriate to be kept track of, for example a user's password or
credit card number. So in addition to filtering out settings that appear sensitive,
Django offers a set of function decorators to help you control which information
should be filtered out of error reports in a production environment (that is,
where :setting:`DEBUG` is set to False):

With "filtering out settings" being a link to the settings page.
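
What the name-based settings filter quoted in the description covers and what it leaves visible, as an added example that is not part of the ticket or Django's own code. Only the HIDDEN_SETTINGS pattern comes from the ticket; the helper names, the mask string, the recursion into nested dicts, the URL heuristic and the sample settings are assumptions made for illustration.

```python
import re

# Pattern quoted in the ticket; a setting is hidden when its *name* matches.
HIDDEN_SETTINGS = re.compile('API|TOKEN|KEY|SECRET|PASS|SIGNATURE', flags=re.IGNORECASE)
MASK = '********************'  # placeholder chosen for this example
# Hypothetical heuristic: a URL-style value carrying user:password@host.
CREDENTIAL_IN_VALUE = re.compile(r'://[^/\s:@]+:[^/\s@]+@')

def name_is_hidden(name):
    return isinstance(name, str) and bool(HIDDEN_SETTINGS.search(name))

def cleanse(name, value):
    """Mask by name; otherwise recurse into dicts so nested keys are checked too."""
    if name_is_hidden(name):
        return MASK
    if isinstance(value, dict):
        return {k: cleanse(k, v) for k, v in value.items()}
    return value

def visible_credentials(name, value, prefix=''):
    """Dotted paths of values that stay visible yet look like they embed credentials."""
    path = f'{prefix}.{name}' if prefix else str(name)
    if name_is_hidden(name):
        return []
    if isinstance(value, dict):
        return [p for k, v in value.items() for p in visible_credentials(k, v, path)]
    if isinstance(value, str) and CREDENTIAL_IN_VALUE.search(value):
        return [path]
    return []

def audit(settings):
    """Return (cleansed copy, paths that the name filter leaves exposed)."""
    cleansed = {k: cleanse(k, v) for k, v in settings.items()}
    exposed = [p for k, v in settings.items() for p in visible_credentials(k, v)]
    return cleansed, exposed

# Constructed sample settings; no value here is real.
SAMPLE = {
    'SECRET_KEY': 'constructed-value',
    'DATABASES': {'default': {'NAME': 'app', 'PASSWORD': 'constructed-pw'}},
    'DATABASE_URL': 'postgres://app:constructed-pw@db.example.invalid/app',
    'CACHES': {'default': {'LOCATION': 'redis://cache:constructed-pw@cache.example.invalid/0'}},
    'KEYBOARD_LAYOUT': 'us',
}

if __name__ == '__main__':
    cleansed, exposed = audit(SAMPLE)
    print(cleansed, exposed, sep='\n')
```

Settings reported in `exposed` have names the pattern does not match, so renaming them to include one of the listed keywords (or splitting the credential into its own setting) brings them under the filter.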

Change History (3)

comment:1 by Tim Graham, 8 years ago

Owner: changed from nobody to Tim Graham
Status: new → assigned
Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

comment:2 by Tim Graham <timograham@…>, 8 years ago

Resolution: fixed
Status: assigned → closed

In 8928823b:

Fixed #26436 -- Added a link to the settings filtering in the error reporting howto.

Thanks mlissner for the suggestion.

comment:3 by Tim Graham <timograham@…>, 8 years ago

In cac320b:

[1.9.x] Fixed #26436 -- Added a link to the settings filtering in the error reporting howto.

Thanks mlissner for the suggestion.

Backport of 8928823b135b9ce2c7b18f4da0d2602b113a247e from master
