Code

Opened 3 years ago

Closed 5 months ago

#16435 closed New feature (wontfix)

Configurable hidden settings in debug mode

Reported by: munderwood@… Owned by: nobody
Component: Core (Other) Version: 1.3
Severity: Normal Keywords: settings.py
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Hi all,

I've ran into the case where I have a settings variable in settings.py that I would like to have displayed starred out or hidden when in debug mode, like the databases PASSWORD variable. It appears that if its name contains SECRET, PASSWORD, PROFANITIES_LIST or SIGNATURE then the debug view will hide it, but anything else it wont.

It would be nice from a user point of view to be able to add to this list of hidden keywords to hide specific things that dont fall under these four keywords.

Cheers

Mark

Attachments (0)

Change History (4)

comment:1 Changed 3 years ago by julien

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Design decision needed

This is currently controlled by the HIDDEN_SETTINGS variable in source:django/trunk/django/views/debug.py#L18 as described in https://docs.djangoproject.com/en/dev/ref/settings/#debug and introduced in [1242].

However, there is no easy way for the developer to override this value. Perhaps a new global settings should be added.

comment:2 Changed 3 years ago by anonymous

I think something along those lines would be appropriate

comment:3 Changed 3 years ago by jacob

  • Triage Stage changed from Design decision needed to Accepted

I'm fairly sure this is a duplicate of another ticket involving more granular controls of what's hidden and not, but I can't find it now. Marking accepted, but potential patch writers beware: I will not accept a patch that solves this simply by introducing Yet Another Setting. Let's find a more elegant approach, please.

comment:4 Changed 5 months ago by jocmeh

  • Resolution set to wontfix
  • Status changed from new to closed

I can't really think of a nice solution that doesn't involve Yet Another Setting™. In my opinion, if you want to keep the values for certain variables secret, just prefix their names with 'SECRET_'.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.