Opened 19 years ago
Last modified 14 years ago
#3195 closed enhancement
Documenting HIDDEN_SETTINGS — at Initial Version
| Reported by: | Owned by: | Jacob | |
|---|---|---|---|
| Component: | Documentation | Version: | dev |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
Index: docs/settings.txt
===================================================================
The HIDDEN_SETTINGS came in useful for a project where I was using REMOTE_USER_PASSWD and had the debug output pop up in a demo. If I had used PASSWORD, I would not have had that issue ;)
--- docs/settings.txt (revision 4248)
+++ docs/settings.txt (working copy)
@@ -328,6 +328,13 @@
A boolean that turns on/off debug mode.
+If you define custom settings, django/views/debug.py has a
+HIDDEN_SETTINGS regular expression which will hide from the DEBUG view
+anything that matches'SECRET|PASSWORD|PROFANITIES_LIST'. Using this setting
+allows untrusted users to be able to give backtraces without seeing
+sensitive settings.
+
+
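Review bot: The closing sentence of the added paragraph ("Using this setting allows untrusted users...") reads as if HIDDEN_SETTINGS were a value to put in the settings file, while the first sentence says it is a regular expression inside django/views/debug.py. State the action the reader has to take: the pattern is matched against the setting's name, so a custom setting is hidden from the DEBUG view only if its name contains SECRET, PASSWORD or PROFANITIES_LIST, and an abbreviated name such as the REMOTE_USER_PASSWD mentioned in this ticket is not covered. Two smaller points: add the missing space in "matches'SECRET|PASSWORD|PROFANITIES_LIST'", and drop one of the two trailing blank "+" lines so the section spacing matches the rest of docs/settings.txt.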
possible patch for hidden settings documentation