Code

Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#12736 closed (fixed)

Database passwords visible on debug page with new-style database config

Reported by: kmtracey Owned by: nobody
Component: Uncategorized Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The debug page settings display suppresses display of the values for any settings that contain 'PASSWORD' or 'SECRET' in their name. With the new dictionary style of database configuration, the database password becomes just a value for a key in a setting that is a dictionary, and the value is shown.

Attachments (0)

Change History (3)

comment:1 Changed 4 years ago by jezdez

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 4 years ago by russellm

  • Resolution set to fixed
  • Status changed from new to closed

(In [12360]) Fixed #12736 -- Fixed the debug page to hide passwords when they are in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report.

comment:3 Changed 3 years ago by jacob

  • milestone 1.2 deleted

Milestone 1.2 deleted

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.