id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26436	Error Reporting Howto should link to the sensitive keywords in the settings files	Mike Lissner	Tim Graham	"In the Error Reporting Howto, there's a section on ""Filtering sensitive information"" (https://docs.djangoproject.com/en/dev/howto/error-reporting/#filtering-sensitive-information), which describes how to use the @sensitive_variables decorator. 

The other place where variables leak is from the settings file, which has filtering of its own that hides any variable with a name matching:

    HIDDEN_SETTINGS = re.compile('API|TOKEN|KEY|SECRET|PASS|SIGNATURE', flags=re.IGNORECASE)

This is documented on the settings page (https://docs.djangoproject.com/en/1.7/ref/settings/#debug).

The howto should link to the settings page. I would make this change myself, but I can't figure out the RST formatting. 

A simple change would be to make the second paragraph of the Filtering section say something like:

However, sometimes certain types of information may be too sensitive and thus
may not be appropriate to be kept track of, for example a user's password or
credit card number. So in addition to filtering out settings that appear sensitive,
Django offers a set of function decorators to help you control which information 
should be filtered out of error reports in a production environment (that is, 
where :setting:`DEBUG` is set to ``False``):

With ""filtering out settings"" being a link to the settings page."	Cleanup/optimization	closed	Documentation	dev	Normal	fixed			Accepted	0	0	0	0	1	0