Opened 18 years ago

Last modified 13 years ago

#3195 closed enhancement

Documenting HIDDEN_SETTINGS — at Initial Version

Reported by: cmgreen@… Owned by: Jacob
Component: Documentation Version: dev
Severity: normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

Index: docs/settings.txt
===================================================================
The HIDDEN_SETTINGS came in useful for a project where I was using REMOTE_USER_PASSWD and had the debug output pop up in a demo. If I had used PASSWORD, I would have not had that issue ;)

--- docs/settings.txt (revision 4248)
+++ docs/settings.txt (working copy)
@@ -328,6 +328,13 @@

A boolean that turns on/off debug mode.

+If you define custom settings, django/views/debug.py has a
+HIDDEN_SETTINGS regular expression which will hide from the DEBUG view
+anything that matches 'SECRET|PASSWORD|PROFANITIES_LIST'. Using this setting
+allows untrusted users to be able to give backtraces without seeing
+sensitive settings.
+
+

Change History (1)

by cmgreen@…, 18 years ago

Attachment: django-hiddensettings.patch added

possible patch for hidden settings documentation

Note: See TracTickets for help on using tickets.
Back to Top