Changes between Initial Version and Version 1 of Ticket #35930, comment 4
- Timestamp:
- Nov 23, 2024, 9:22:39 AM (4 weeks ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #35930, comment 4
initial v1 1 1 Thanks, that was enough for me to reproduce the issue. I can see how this violates least surprise if these are substantially the same settings already masked elsewhere in the debug view. 2 2 3 The initial wontfix (comment:5:ticket:21098) in a related ticket for masking sensitive POST parameters argued masking wouldn't be worthwhile (leaks developer's own secrets to developer, DEBUG page is documented as always potentially leaking information), but I can see how not masking database connection parameters violates least surprise given that these are substantially the same settings already masked elsewhere in the debug view.ticket:21098 was eventually fixed once there was a simpler implementation.3 The initial wontfix (comment:5:ticket:21098) in a related ticket for masking sensitive POST parameters argued masking wouldn't be worthwhile (leaks developer's own secrets to developer, DEBUG page is documented as always potentially leaking information), but ticket:21098 was eventually fixed once there was a simpler implementation. 4 4 5 5 Here is a potential tiny patch that I just confirmed fixes the issue, although it would be using `@sensitive_variables()` outside the context of a view, which I took to be the use case it was designed for: