On Jun 1, 7:53 pm, Luke Plant <[email protected]> wrote:
> Would it be possible to make the sensitive decorator add some kind of
> strategy object to the request, which itself is responsible for the
> filtering, rather than a simple boolean flag?

The GET/POST parameters appearing in the error logs come from the
HttpRequest's __repr__() method. So in fact my initial patch did let
the HttpRequest itself take care of the obfuscation of sensitive
GET/POST parameters, in a similar way as with HIDDEN_SETTINGS and
get_safe_settings in the django.views.debug module:

https://code.djangoproject.com/attachment/ticket/14614/14614.obfuscate-request-parameters.diff
https://code.djangoproject.com/ticket/14614#comment:6

However, Russell's comment was that the issue here is purely related to
debugging or logging business, and therefore the HttpRequest shouldn't
have to be involved directly. This makes it difficult to have any
fine-grained control over request parameters though.

> The strategy object interface might be:
>
> class ExceptionReporterFilter(object):
>     def show_request(self, request):
>         # return True or False
>
>     def filter_request_POST(self, request, post_dict):
>         # if show_request is True, this is passed request.POST
>         # and returns a sanitised version
>
>     def show_traceback(self, request):
>         # True or false
>
>     def show_traceback_vars(self, request):
>         # called only if show_traceback() returns True
>
>     def filter_traceback_vars(self, request, tb_frame, vars):
>         # filters vars to be shown at each level.
>
> OK, could get carried away there - maybe we should start simple, e.g.
> just 'show_request' and 'show_traceback_vars'. But something like that
> would allow us to provide a working 'sensitive' decorator, but with a
> mechanism that allows for something more fine-grained, and allows us to
> add more features to it easily in the future. For the admin and CBVs it
> would work as well, since there are always places you can override a
> method and attach something to the request object.

I quite like this and will try it in a new patch. Thanks for the
feedback!

Julien
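
A minimal sketch of the strategy-object idea discussed in this message, added here as an illustration; it is not code from Django, from the ticket's patch, or from either poster. The method names follow the quoted interface; `SensitivePostFilter`, the `exception_reporter_filter` attribute, `report_request`, `FakeRequest` and the sample form data are hypothetical.

```python
import functools

MASK = "********"

class ExceptionReporterFilter:
    """Default strategy: nothing is hidden (method names from the quoted sketch)."""
    def show_request(self, request):
        return True
    def filter_request_POST(self, request, post_dict):
        return dict(post_dict)
    def show_traceback_vars(self, request):
        return True

class SensitivePostFilter(ExceptionReporterFilter):
    """Hypothetical strategy: mask the named POST keys, or all keys if none given."""
    def __init__(self, names=None):
        self.names = frozenset(names) if names else None
    def filter_request_POST(self, request, post_dict):
        return {k: MASK if self.names is None or k in self.names else v
                for k, v in post_dict.items()}
    def show_traceback_vars(self, request):
        return False  # frame locals could hold the same secrets

def sensitive(*names):
    """Attach the strategy to the request before the view body runs."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, *args, **kwargs):
            request.exception_reporter_filter = SensitivePostFilter(names)
            return view(request, *args, **kwargs)
        return wrapper
    return decorator

def report_request(request):
    """Stand-in for the error reporter: it asks the strategy instead of
    reading request.POST directly, so HttpRequest itself stays uninvolved."""
    flt = getattr(request, "exception_reporter_filter", None) or ExceptionReporterFilter()
    if not flt.show_request(request):
        return {"POST": None, "show_vars": False}
    return {"POST": flt.filter_request_POST(request, request.POST),
            "show_vars": flt.show_traceback_vars(request)}

class FakeRequest:  # constructed stand-in for HttpRequest
    def __init__(self, post):
        self.POST = post

@sensitive("password")
def login(request):
    raise ValueError("constructed failure inside a sensitive view")

def demo():
    req = FakeRequest({"username": "alice", "password": "hunter2"})  # constructed data
    try:
        login(req)
    except ValueError:
        return report_request(req)
```

In this sketch a request that never passed through `sensitive` falls back to the default strategy and is reported unfiltered, so the masking is opt-in per view.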
