Hi,

Recently I've been a bit embarrassed to receive a 500-error email
report containing one of my clients' passwords displayed in the clear
because the admin login view had encountered an unhandled exception.
This is probably OK in a debug environment, but in production this can
potentially have damaging consequences when handling passwords, credit
card numbers, etc. It may also go against certain policies and
standards such as the PCI-DSS
(http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard).

There is already an open ticket to address this issue:
https://code.djangoproject.com/ticket/14614

I first wrote a patch allowing a lot of granularity to control which
POST/GET parameters should get obfuscated when producing the error
logs: 
https://code.djangoproject.com/attachment/ticket/14614/14614.obfuscate-request-parameters.diff

Russell pointed out that this implementation approach was overly
complicated. It also doesn't address the stack frame variables being
logged in some situations. So I've posted another patch with a more
radical approach, where all stack frame variables and the request's
information are systematically and entirely omitted from the logs for
exceptions occurring in views marked with the @sensitive decorator:
https://code.djangoproject.com/attachment/ticket/14614/14614.sensitive-request.diff

Perhaps the ideal solution lies somewhere between the two approaches.
The default loggers should also probably provide this protection by
default but still allow easy customisation/overriding of this
behaviour, for example for debugging purposes in safe environments.

I'm bringing this up to the dev-list as I'm keen to hear if someone is
interested in this problem and has suggestions towards a robust
solution. It is a pretty serious issue that I hope can be resolved by
the 1.4 release.

Many thanks,

Julien

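The two approaches described above, reduced to a small stand-alone illustration. This is an added example, not Julien's patch and not Django's code; the `sensitive` decorator, the `cleanse` filter, the name pattern and the two views are assumptions constructed for the demo.

```python
import re

CLEANSED = "********"
# Constructed name patterns for the granular approach: matching parameters get masked.
SENSITIVE_NAME_RE = re.compile(r"pass(word|wd)?|secret|token|card|cvv", re.IGNORECASE)

def sensitive(view_func):
    # Hypothetical marker for the radical approach: omit everything for this view.
    view_func.omit_from_error_reports = True
    return view_func

def cleanse(mapping, omit_all=False):
    # Copy of mapping with sensitive values masked (every value when omit_all is set).
    return {name: CLEANSED if omit_all or SENSITIVE_NAME_RE.search(name) else value
            for name, value in mapping.items()}

def frame_locals_of(exc):
    # Locals of the innermost traceback frame, which is what the reporter would dump.
    tb = exc.__traceback__
    while tb.tb_next is not None:
        tb = tb.tb_next
    return dict(tb.tb_frame.f_locals)

def error_report(view_func, request_params, exc):
    # Build the report body, honouring the decorator flag and the name-based filter.
    omit_all = getattr(view_func, "omit_from_error_reports", False)
    return {"view": view_func.__name__,
            "request": cleanse(request_params, omit_all),
            "locals": cleanse(frame_locals_of(exc), omit_all)}

def run_view(view_func, params):
    # Call the view; when it raises, return the sanitised report instead of the traceback.
    try:
        view_func(params)
    except Exception as exc:
        return error_report(view_func, params, exc)
    return None

# Constructed views standing in for the admin login view from the message.
def login_view(params):
    username, password = params["username"], params["password"]
    raise RuntimeError("simulated unhandled exception")

@sensitive
def admin_login_view(params):
    username, password = params["username"], params["password"]
    raise RuntimeError("simulated unhandled exception")
```

Running `login_view` shows the gap the message points at: the `password` local and parameter are masked, but the `params` local still carries the raw dict, so name-based masking alone leaks it; the `@sensitive` view masks everything.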