Opened 3 months ago

Last modified 3 months ago

#35930 new Cleanup/optimization

Database password visible on debug page (view source only) — at Initial Version

Reported by: bytej4ck Owned by:
Component: Error reporting Version: dev
Severity: Normal Keywords: db, password, exposed
Cc: bytej4ck Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

In debug page view, secrets are not visible due to masked with '*' but in view page source db password is visible:
https://github.com/user-attachments/assets/a7504c2e-99b4-4268-8eab-1858742105ec

Password length: 99
Characters: All password requirements including all symbols.

According to the ticket's flags, the next step(s) to move this issue forward are:

  • To provide a patch by sending a pull request. Claim the ticket when you start working so that someone else doesn't duplicate effort. Before sending a pull request, review your work against the patch review checklist. Check the "Has patch" flag on the ticket after sending a pull request and include a link to the pull request in the ticket comment when making that update. The usual format is: [https://github.com/django/django/pull/#### PR].

Change History (1)

by bytej4ck, 3 months ago

Attachment: 2024-11-22_21-17.png added
Note: See TracTickets for help on using tickets.
Back to Top