Opened 15 years ago

Closed 15 years ago

Last modified 13 years ago

#12736 closed (fixed)

Database passwords visible on debug page with new-style database config

Reported by: Karen Tracey Owned by: nobody
Component: Uncategorized Version: dev
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The debug page settings display suppresses display of the values for any settings that contain 'PASSWORD' or 'SECRET' in their name. With the new dictionary style of database configuration, the database password becomes just a value for a key in a setting that is a dictionary, and the value is shown.

Change History (3)

comment:1 by Jannis Leidel, 15 years ago

Triage Stage: UnreviewedAccepted

comment:2 by Russell Keith-Magee, 15 years ago

Resolution: fixed
Status: newclosed

(In [12360]) Fixed #12736 -- Fixed the debug page to hide passwords when they are in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report.

comment:3 by Jacob, 13 years ago

milestone: 1.2

Milestone 1.2 deleted

Note: See TracTickets for help on using tickets.
Back to Top