#12736 closed (fixed)
Database passwords visible on debug page with new-style database config
| Reported by: | Karen Tracey | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | dev |
| Severity: | Keywords: | ||
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The debug page settings display suppresses display of the values for any settings that contain 'PASSWORD' or 'SECRET' in their name. With the new dictionary style of database configuration, the database password becomes just a value for a key in a setting that is a dictionary, and the value is shown.
Change History (3)
comment:1 by , 14 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:2 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
(In [12360]) Fixed #12736 -- Fixed the debug page to hide passwords when they are in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report.