id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 19453 Sensitive variables decorator does not hide sensitive variables Vlastimil Zíma Julien Phalip "When an exception is raised and nicely formatted email is sent, sensitive variables are not hidden. They are hidden in the last frame, but they can be clearly seen in the arguments of the `sensitive_variables_wrapper` itself. Code: {{{ #!python @method_decorator(sensitive_variables('token')) def verify_totp(self, token): raise ValueError }}} Traceback in HTML email: {{{ /home/vlastimil/git/django/django/views/decorators/debug.py in sensitive_variables_wrapper 34. return func(*args, **kwargs) Local Vars Variable Value sensitive_variables_wrapper variables ('token',) args (45485464,) func kwargs {} /home/vlastimil/git/django/django/utils/decorators.py in bound_func 21. return func(self, *args2, **kwargs2) Local Vars Variable Value args2 (45485464,) func self kwargs2 {} /home/vlastimil/git/ginger/mojeid/mojeid/models/otp.py in verify_totp 81. raise ValueError Local Vars Variable Value token u'********************' self }}} It can be easily seen the value `45485464` in the local vars of the `sensitive_variables_wrapper`. I could not determine any simple solution to avoid this problem. Note: I was not able to make django 1.5 work yet, but checking the changes in relevant files I did not found any change that might solve this bug. Note2: Variables are also shown in the `method_decorator` arguments which is another story, which can not be fixed until this one is resolved." Bug closed Core (Other) 1.4 Release blocker fixed Ready for checkin 0 0 0 0 0 0