Re: GDPR and parent domain cookies

[Carlton Gibson]

Hi Vasili and Micheal. 

I misread `SafeExceptionReporterFilter` as implementing the key 
`ExceptionReporter` method. 

I totally agree with the assessment. Have reopened and Accepted on that 
basis. 

Good work! Thank you! 

Carlton

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/fa8b4740-9b18-475a-aac0-a173dc70d5b4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GDPR and parent domain cookies

[Michael Manfre]

It's possible to entirely control the emails that are sent out by defining
your own AdminEmailHandler and overriding the LOGGING configuration to use
it. I described how on the ticket. The process is a bit cumbersome if all
you want to do is replace the usage of ExceptionReporter and I think we
should improve that. I'm +1 on reopening the ticket to make it easier to
swap in a custom ExceptionReporter for AdminEmailHandler.

Regards,
Michael Manfre

On Mon, Aug 27, 2018 at 9:41 AM  wrote:

> Email error reports sent from Django (when DEBUG=False) include
> information about parent domain cookies, which may contain personal data.
> This may create issues related to the GDPR (the European General Data
> Protection Regulation), as one can't control the cookies from services
> hosted on parent domain(s), while it is necessary to provide full
> information about personal data handling to the user with the possibility
> to delete the data on request.
>
> In short words, to be GDPR-compliant, we should be able to exclude
> potentially risky data from the error reports.
>
> I created a ticket  in the
> Django bugtracker about introducing an option to hide cookies in error
> reports. It was pointed out to me, that it's possible to implement a custom
> "SafeExceptionReporterFilter", but i still think that the situation with
> the cookies should be clarified somehow explicitly in the "HowTo" section
> dedicated to error reporting.
>
> There is already a topic related to GDPR:
> https://groups.google.com/forum/#!topic/django-developers/Xhg-0JeDN50/discussion,
> but so far there hasn't been any discussion going on there.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/ef2ed833-2512-4105-9de4-77d33bc6c823%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAGdCwBtr2Lwjufvrc-6X-cGs%2B81-OuUeBCc-2PV9BwK0rR_E%3DQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

GDPR and parent domain cookies

[vakorol2000]

Email error reports sent from Django (when DEBUG=False) include information 
about parent domain cookies, which may contain personal data. This may 
create issues related to the GDPR (the European General Data Protection 
Regulation), as one can't control the cookies from services hosted on 
parent domain(s), while it is necessary to provide full information about 
personal data handling to the user with the possibility to delete the data 
on request.

In short words, to be GDPR-compliant, we should be able to exclude 
potentially risky data from the error reports.

I created a ticket  in the 
Django bugtracker about introducing an option to hide cookies in error 
reports. It was pointed out to me, that it's possible to implement a custom 
"SafeExceptionReporterFilter", but i still think that the situation with 
the cookies should be clarified somehow explicitly in the "HowTo" section 
dedicated to error reporting.

There is already a topic related to 
GDPR:  
https://groups.google.com/forum/#!topic/django-developers/Xhg-0JeDN50/discussion,
 
but so far there hasn't been any discussion going on there.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/ef2ed833-2512-4105-9de4-77d33bc6c823%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.