Changes between Initial Version and Version 1 of Ticket #35930, comment 4


Ignore:
Timestamp:
Nov 23, 2024, 9:22:39 AM (4 weeks ago)
Author:
Jacob Walls

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #35930, comment 4

    initial v1  
    11Thanks, that was enough for me to reproduce the issue. I can see how this violates least surprise if these are substantially the same settings already masked elsewhere in the debug view.
    22
    3 The initial wontfix (comment:5:ticket:21098) in a related ticket for masking sensitive POST parameters argued masking wouldn't be worthwhile (leaks developer's own secrets to developer, DEBUG page is documented as always potentially leaking information), but I can see how not masking database connection parameters violates least surprise given that these are substantially the same settings already masked elsewhere in the debug view. ticket:21098 was eventually fixed once there was a simpler implementation.
     3The initial wontfix (comment:5:ticket:21098) in a related ticket for masking sensitive POST parameters argued masking wouldn't be worthwhile (leaks developer's own secrets to developer, DEBUG page is documented as always potentially leaking information), but ticket:21098 was eventually fixed once there was a simpler implementation.
    44
    55Here is a potential tiny patch that I just confirmed fixes the issue, although it would be using `@sensitive_variables()` outside the context of a view, which I took to be the use case it was designed for:
Back to Top