Opened 17 years ago

Closed 17 years ago

Last modified 12 years ago

#3195 closed enhancement (fixed)

[patch] Documenting HIDDEN_SETTINGS

Reported by: cmgreen@… Owned by: Jacob
Component: Documentation Version: dev
Severity: normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by Adrian Holovaty)

The HIDDEN_SETTINGS came in useful for a project where I was using REMOTE_USER_PASSWD and had the debug output pop up in a demo. If I had used PASSWORD, I would have not had that issue ;)

  --- docs/settings.txt   (revision 4248)
  +++ docs/settings.txt   (working copy)
  @@ -328,6 +328,13 @@

  A boolean that turns on/off debug mode.

  +If you define custom settings, django/views/debug.py has a
  +HIDDEN_SETTINGS regular expression which will hide from the DEBUG view
  +anything that matches ``'SECRET|PASSWORD|PROFANITIES_LIST'``.  Using this setting
  +allows untrusted users to be able to give backtraces without seeing
  +sensitive settings.
  +
  +

Attachments (1)

django-hiddensettings.patch (579 bytes ) - added by cmgreen@… 17 years ago.
possible patch for hidden settings documentation

Download all attachments as: .zip

Change History (7)

by cmgreen@…, 17 years ago

Attachment: django-hiddensettings.patch added

possible patch for hidden settings documentation

comment:1 by Chris Beaven, 17 years ago

Summary: Documenting HIDDEN_SETTINGS[patch] Documenting HIDDEN_SETTINGS

comment:2 by Simon G. <dev@…>, 17 years ago

Triage Stage: UnreviewedReady for checkin

comment:3 by Adrian Holovaty, 17 years ago

Description: modified (diff)

Fixed formatting in description.

comment:4 by Adrian Holovaty, 17 years ago

Patch needs improvement: set
Triage Stage: Ready for checkinAccepted

The patch puts the documentation in the section devoted to the DEBUG setting. I think this isn't the best place for it. Better would be to have a full section of documentation (probably in a separate document) that is devoted to the debug page itself.

comment:5 by Jacob, 17 years ago

Resolution: fixed
Status: newclosed

(In [4620]) Fixed #3195: added a note in settings.txt about DEBUG and HIDDEN_SETTINGS. Thanks, cmgreen@…

comment:6 by anonymous, 12 years ago

Easy pickings: unset
UI/UX: unset

In addition, shouldn't this be configurable in settings.py?

Note: See TracTickets for help on using tickets.
Back to Top