On Sun, 29 May 2011 15:57:34 +0300, Fraser Nevett <[email protected]> wrote:

> On May 29, 5:22 am, Julien Phalip <[email protected]> wrote:
> As a side thought, if this functionality does get implemented, would
> it be feasible/desirable to have Django emit a warning to encourage
> the developer to mark a view as sensitive if it detected a
> forms.PasswordField (or any other FormField known to handle sensitive
> data) being used by it? I'm not actually sure it's possible as a Form/
> FormField doesn't directly know about the request, but I thought I'd
> throw the idea out there anyway.

Perhaps something along the lines of how Django marks strings as safe /
need escaping for the template engine can be applied here. A
forms.PasswordField might mark its data as "sensitive", and that info
would flow up until the point it is being rendered by the debug templates,
printed to a log file, etc.

Yishai
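
A sketch of the marking idea discussed in this message, added here as an illustration; it is not code from the thread or from Django. `SensitiveStr`, `redact` and `cleaned_form_data` are hypothetical names, and the sample submission is constructed. It shows the marker reaching a debug/log redaction step, and the operations through which the marker is lost.

```python
MASK = "********"


class SensitiveStr(str):
    """str carrying a 'sensitive' marker (hypothetical, modelled on safe-string marking)."""

    def __repr__(self):
        # repr() is what tracebacks and debug pages show for local variables.
        return repr(MASK)

    # The marker has to be sticky: sensitive + anything stays sensitive.
    def __add__(self, other):
        return SensitiveStr(str.__add__(self, other))

    def __radd__(self, other):
        return SensitiveStr(str.__add__(other, self))


def is_sensitive(value):
    return isinstance(value, SensitiveStr)


def redact(data):
    """Return a copy of data that is safe to render or log."""
    if is_sensitive(data):
        return MASK
    if isinstance(data, dict):
        return {key: redact(value) for key, value in data.items()}
    if isinstance(data, (list, tuple)):
        return type(data)(redact(item) for item in data)
    return data


def cleaned_form_data(raw):
    """Stand-in for a form: marks the value of the 'password' field."""
    return {k: SensitiveStr(v) if k == "password" else v for k, v in raw.items()}


# Constructed sample submission.
POST = cleaned_form_data({"username": "alice", "password": "hunter2"})

if __name__ == "__main__":
    print(redact({"POST": POST, "path": "/login/"}))
    print(repr(POST["password"]))                   # masked
    print(is_sensitive("pw=" + POST["password"]))   # True: marker survived
    # Marker lost: str methods and formatting return plain str objects.
    print(is_sensitive(POST["password"].upper()))   # False
    print(is_sensitive(f"pw={POST['password']}"))   # False
```

The last two lines are the limitation of the approach: any code path that formats or transforms the value before it reaches the renderer or logger produces an unmarked copy, so redaction keyed on the marker needs a fallback such as field-name matching.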