#3195 closed enhancement (fixed)
[patch] Documenting HIDDEN_SETTINGS
Reported by: | Owned by: | Jacob | |
---|---|---|---|
Component: | Documentation | Version: | dev |
Severity: | normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The HIDDEN_SETTINGS came in useful for a project where I was using REMOTE_USER_PASSWD and had the debug output pop up in a demo. If I had used PASSWORD, I would have not had that issue ;)
--- docs/settings.txt (revision 4248) +++ docs/settings.txt (working copy) @@ -328,6 +328,13 @@ A boolean that turns on/off debug mode. +If you define custom settings, django/views/debug.py has a +HIDDEN_SETTINGS regular expression which will hide from the DEBUG view +anything that matches ``'SECRET|PASSWORD|PROFANITIES_LIST'``. Using this setting +allows untrusted users to be able to give backtraces without seeing +sensitive settings. + +
Attachments (1)
Change History (7)
by , 18 years ago
Attachment: | django-hiddensettings.patch added |
---|
comment:1 by , 18 years ago
Summary: | Documenting HIDDEN_SETTINGS → [patch] Documenting HIDDEN_SETTINGS |
---|
comment:2 by , 18 years ago
Triage Stage: | Unreviewed → Ready for checkin |
---|
comment:4 by , 18 years ago
Patch needs improvement: | set |
---|---|
Triage Stage: | Ready for checkin → Accepted |
The patch puts the documentation in the section devoted to the DEBUG
setting. I think this isn't the best place for it. Better would be to have a full section of documentation (probably in a separate document) that is devoted to the debug page itself.
comment:5 by , 18 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:6 by , 13 years ago
Easy pickings: | unset |
---|---|
UI/UX: | unset |
In addition, shouldn't this be configurable in settings.py?
Note:
See TracTickets
for help on using tickets.
possible patch for hidden settings documentation