id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
3195	[patch] Documenting HIDDEN_SETTINGS	cmgreen@…	Jacob	"The HIDDEN_SETTINGS came in useful for a project where I was using REMOTE_USER_PASSWD and had the debug output pop up in a   demo.  If I had used PASSWORD, I would have not had that issue ;)

{{{
  --- docs/settings.txt   (revision 4248)
  +++ docs/settings.txt   (working copy)
  @@ -328,6 +328,13 @@

  A boolean that turns on/off debug mode.

  +If you define custom settings, django/views/debug.py has a
  +HIDDEN_SETTINGS regular expression which will hide from the DEBUG view
  +anything that matches ``'SECRET|PASSWORD|PROFANITIES_LIST'``.  Using this setting
  +allows untrusted users to be able to give backtraces without seeing
  +sensitive settings.
  +
  +
}}}"	enhancement	closed	Documentation	dev	normal	fixed			Accepted	1	0	0	1	0	0