Opened 9 years ago

Closed 8 years ago

Last modified 3 years ago

#3195 closed enhancement (fixed)

[patch] Documenting HIDDEN_SETTINGS

Reported by: cmgreen@… Owned by: jacob
Component: Documentation Version: master
Severity: normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by adrian)

The HIDDEN_SETTINGS came in useful for a project where I was using REMOTE_USER_PASSWD and had the debug output pop up in a demo. If I had used PASSWORD, I would have not had that issue ;)

  --- docs/settings.txt   (revision 4248)
  +++ docs/settings.txt   (working copy)
  @@ -328,6 +328,13 @@

  A boolean that turns on/off debug mode.

  +If you define custom settings, django/views/debug.py has a
  +HIDDEN_SETTINGS regular expression which will hide from the DEBUG view
  +anything that matches ``'SECRET|PASSWORD|PROFANITIES_LIST'``.  Using this setting
  +allows untrusted users to be able to give backtraces without seeing
  +sensitive settings.
  +
  +

Attachments (1)

django-hiddensettings.patch (579 bytes) - added by cmgreen@… 9 years ago.
possible patch for hidden settings documentation

Download all attachments as: .zip

Change History (7)

Changed 9 years ago by cmgreen@…

possible patch for hidden settings documentation

comment:1 Changed 9 years ago by SmileyChris

  • Summary changed from Documenting HIDDEN_SETTINGS to [patch] Documenting HIDDEN_SETTINGS

comment:2 Changed 8 years ago by Simon G. <dev@…>

  • Triage Stage changed from Unreviewed to Ready for checkin

comment:3 Changed 8 years ago by adrian

  • Description modified (diff)

Fixed formatting in description.

comment:4 Changed 8 years ago by adrian

  • Patch needs improvement set
  • Triage Stage changed from Ready for checkin to Accepted

The patch puts the documentation in the section devoted to the DEBUG setting. I think this isn't the best place for it. Better would be to have a full section of documentation (probably in a separate document) that is devoted to the debug page itself.

comment:5 Changed 8 years ago by jacob

  • Resolution set to fixed
  • Status changed from new to closed

(In [4620]) Fixed #3195: added a note in settings.txt about DEBUG and HIDDEN_SETTINGS. Thanks, cmgreen@…

comment:6 Changed 3 years ago by anonymous

  • Easy pickings unset
  • UI/UX unset

In addition, shouldn't this be configurable in settings.py?

Note: See TracTickets for help on using tickets.
Back to Top