id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
3195	Documenting HIDDEN_SETTINGS	cmgreen@…	Jacob	"  Index: docs/settings.txt
  ===================================================================
  The HIDDEN_SETTINGS came in useful for a project where I was using REMOTE_USER_PASSWD and had the debug output pop up in a   demo.  If I had used PASSWORD, I would have not had that issue ;)

  --- docs/settings.txt   (revision 4248)
  +++ docs/settings.txt   (working copy)
  @@ -328,6 +328,13 @@

  A boolean that turns on/off debug mode.

  +If you define custom settings, django/views/debug.py has a
  +HIDDEN_SETTINGS regular expression which will hide from the DEBUG view
  +anything that matches ``'SECRET|PASSWORD|PROFANITIES_LIST'``.  Using this setting
  +allows untrusted users to be able to give backtraces without seeing
  +sensitive settings.
  +
  +
"	enhancement	new	Documentation	dev	normal				Unreviewed	1	0	0	0