Opened 13 years ago

Closed 13 years ago

#1979 closed enhancement (wontfix)

[patch] Modify to show database queries on 500 errors

Reported by: Simon Greenhill, dev@… Owned by: Adrian Holovaty
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Patch to list any database queries that have been executed ( i.e. stored in django.db.connection.queries ) in a 500 Internal Server Error.

Attachments (1)

debug_queries.diff (1.4 KB) - added by Simon Greenhill, dev@… 13 years ago.

Download all attachments as: .zip

Change History (6)

Changed 13 years ago by Simon Greenhill, dev@…

Attachment: debug_queries.diff added

comment:1 Changed 13 years ago by Malcolm Tredinnick

Maybe we just want to trim this to the last three, five or ten queries? The connection.queries list could be hundreds of elements long, even in development.

comment:2 Changed 13 years ago by Adrian Holovaty

I'm not sure this is a good idea: it's a possible security hole. I've seen way too many public-facing Django sites with DEBUG set to True, which gives the public access to the debug pages, so I'd rather not display raw database queries in the debug error pages.

Maybe, as a compromise, the queries could be displayed only for requests from localhost? Or would that defeat the purpose?

comment:3 Changed 13 years ago by Simon Greenhill, dev@…

Adrian: I didn't think of that, but the entire Debug output is a security hole on a production website anyway - path info, cookie info, session id's, the region of code that died, etc are all listed. If anyone's stupid enough to run a production website with Debug turned on, then they kind of deserve what they get.

However, either locking it down to localhost only, or maybe have a setting to enable it (default -> disabled)?

comment:4 Changed 13 years ago by Adrian Holovaty

Closing because it's too much of a possible security hole.

comment:5 Changed 13 years ago by Adrian Holovaty

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.
Back to Top