Opened 13 years ago
Closed 13 years ago
#17460 closed Cleanup/optimization (fixed)
add KEY to HIDDEN_SETTINGS regexp
| Reported by: | daenney | Owned by: | chomik |
|---|---|---|---|
| Component: | Core (Other) | Version: | 1.4-alpha-1 |
| Severity: | Normal | Keywords: | hidden settings, hidden_settings, hide settings |
| Cc: | lpiatek | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
The HIDDEN_SETTINGS regexp is very useful but currently doesn't do much to obfuscate things such as API_KEY settings which are becoming more and more common to hook into additional services.
This would also be solved if/when #16435 gets resolved as it would allow people to add KEY to that regexp themselves.
However, for now and because the usage of such API key's is mainstream, I think it would be a good idea to add KEY to the default HIDDEN_SETTINGS regexp.
Attachments (5)
Change History (18)
comment:1 by , 13 years ago
| Easy pickings: | set |
|---|
comment:2 by , 13 years ago
by , 13 years ago
| Attachment: | HIDDEN_SETTINGS.patch added |
|---|
comment:4 by , 13 years ago
| Component: | Uncategorized → Core (Other) |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
I'm a little loathe to see more work happen on HIDDEN_SETTINGS when it's such an ugly solution to begin with. Especially now that we have custom error reporting. It'd be so much better to see this be part of a common solution to #16435 as noted.
However, those are common sensitive values, so I'll accept the ticket for now.
by , 13 years ago
| Attachment: | django-17460-hidden_settings.patch added |
|---|
comment:5 by , 13 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Cleaned up the diff so it patches from the root; please remember that the next time you write a patch, it just makes it easier to review the ticket.
I agree with the "should be fixed with a better solution all together", but it does not make the HIDDEN_SETTINGS worse by adding a few good values.
comment:6 by , 13 years ago
| Triage Stage: | Ready for checkin → Accepted |
|---|
Note that PASS and PASSWORD are redundant in the regexp.
I'm not sure if this needs tests (probably not) or docs (two lines in the "backward-incompatible changes" section of the release notes?).
comment:7 by , 13 years ago
| Patch needs improvement: | set |
|---|
Good catch, the docs actually *do* specify which settings get hidden, so updated docs are needed. A mention in the release notes is a good idea as well.
by , 13 years ago
| Attachment: | hidden_settingsv2.patch added |
|---|
comment:8 by , 13 years ago
Attached a newer version of the patch that also updates the docs to reflect the changes.
comment:9 by , 13 years ago
There's another little issue with the docs, the docs say anything that contains PROFANITIES will match but the HIDDEN_SETTINGS regexp specifies PROFANITIES_LIST as it's pattern so as far as I know PROFANITIES_CAKE won't match in that case.
comment:10 by , 13 years ago
| Patch needs improvement: | unset |
|---|
Now documentation matches regexp HIDDEN_SETTINGS from patch (hidden_settings3.patch).
comment:11 by , 13 years ago
| Owner: | changed from to |
|---|
by , 13 years ago
| Attachment: | hidden_settings4.patch added |
|---|
patch with improved documentation and release notes for 1.4-beta-1
comment:12 by , 13 years ago
| Cc: | added |
|---|---|
| Keywords: | hidden settings hidden_settings hide settings added |
| Triage Stage: | Accepted → Ready for checkin |
Patch also adds release notes for 1.4-beta-1, which are basicly release notes from 1.4-aplha-1 with aplpha to beta changes where necessary.
I think it is ready for check in.
comment:13 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
In [17481]:
(The changeset message doesn't reference this ticket)
TOKEN and PASS would be two other fairly common used names for such variables.