Opened 7 years ago

Closed 7 years ago

Last modified 5 years ago

#12736 closed (fixed)

Database passwords visible on debug page with new-style database config

Reported by: Karen Tracey Owned by: nobody
Component: Uncategorized Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The debug page settings display suppresses display of the values for any settings that contain 'PASSWORD' or 'SECRET' in their name. With the new dictionary style of database configuration, the database password becomes just a value for a key in a setting that is a dictionary, and the value is shown.

Change History (3)

comment:1 Changed 7 years ago by Jannis Leidel

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: UnreviewedAccepted

comment:2 Changed 7 years ago by Russell Keith-Magee

Resolution: fixed
Status: newclosed

(In [12360]) Fixed #12736 -- Fixed the debug page to hide passwords when they are in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report.

comment:3 Changed 5 years ago by Jacob

milestone: 1.2

Milestone 1.2 deleted

Note: See TracTickets for help on using tickets.
Back to Top