#3195: Documenting HIDDEN_SETTINGS
-----------------------------+----------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: jacob
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Documentation | Version: SVN
Severity: normal | Keywords:
-----------------------------+----------------------------------------------
Index: docs/settings.txt
===================================================================
The HIDDEN_SETTINGS came in useful for a project where I was using
REMOTE_USER_PASSWD and had the debug output pop up in a demo. If I had
used PASSWORD, I would have not had that issue ;)
--- docs/settings.txt (revision 4248)
+++ docs/settings.txt (working copy)
@@ -328,6 +328,13 @@
A boolean that turns on/off debug mode.
+If you define custom settings, django/views/debug.py has a
+HIDDEN_SETTINGS regular expression which will hide from the DEBUG view
+anything that matches ``'SECRET|PASSWORD|PROFANITIES_LIST'``. Using
this setting
+allows untrusted users to be able to give backtraces without seeing
+sensitive settings.
+
+
--
Ticket URL: <http://code.djangoproject.com/ticket/3195>
Django <http://code.djangoproject.org/>
The web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django
updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
