dpaste.com feature in debug traceback view should be optional
|Reported by:||mike w||Owned by:||nobody|
|Cc:||Zach Borboa||Triage Stage:||Accepted|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
In the default debug stacktrace view, the "copy-and-paste view" includes a helpful form to submit the traceback to dpaste.com. When the (very large) form submit button is clicked, the full stack trace and environment is immediately posted to dpaste.com.
This feature poses security risk: a careless click can immediately publish a stack trace to third-party site, with no protection of the data in transit, and no access controls at the remote side. For individuals or organizations working on confidential projects, there is typically no interest in sharing any information externally.
It does require two clicks to cause such an accident (one to toggle copy-and-paste view, another to submit the form), making it unlikely to happen -- but we have had it happen, and at my organization we'd sleep far better with this feature disabled on all projects.
Suggestion 1: Make use of this pastebin an optional feature (patch attached).
Suggestion 2: Make this feature default disabled (flip bit in attached patch; default preserves existing behavior).
Suggestion 3: Make the pastebin form customizable, so that a provider other than dpaste may be used (for example, an internal pastebin.) I don't have much interest in this, so I've not attempted the larger change.