Re: Issue 2066 in reviewboard: DEBUG output should be disabled by default

[reviewboard]

Updates:
Status: NotABug

Comment #1 on issue 2066 by chip...@gmail.com: DEBUG output should be  
disabled by default

http://code.google.com/p/reviewboard/issues/detail?id=2066

So it's off by default in any generated config, but if your config is  
really old, that line may not be there by default. We do enable DEBUG by  
default in settings.py, but any generated site install created by rb-site  
will not have debug on. So I think this is just something that needs to be  
dealt with in this specific instance.


--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To post to this group, send email to reviewboard-issues@googlegroups.com.
To unsubscribe from this group, send email to 
reviewboard-issues+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/reviewboard-issues?hl=en.

Issue 2066 in reviewboard: DEBUG output should be disabled by default

[reviewboard]

Status: New
Owner: 
Labels: Type-Defect Priority-Medium

New issue 2066 by d...@vidsolbach.de: DEBUG output should be disabled by  
default

http://code.google.com/p/reviewboard/issues/detail?id=2066

* NOTE: Do not post confidential information in this bug report. *
*   If you need immediate support, please contact*
*   reviewbo...@googlegroups.com *

What version are you running?

1.5.5

What's the URL of the page containing the problem?

http://git.reviewboard.kde.org/

Please provide any additional information below.

A user of our reviewboard instance was presented a django exception when he  
uploaded a broken diff. He states, that this debug output should not be  
disabled on production sites. (i.e. in the reviewboard release)


He wrote:

---
I'm reopenning because I am not sure if you will get the notification  
otherwise

(which means feel free to close it again :) )

I have some django experience. This debug output is useless for people that  
are

not maintainers of the web application. Those messages can be mailed to the
maintainer or logged somewhere. Furthermore, according to django docs [1]
having that enabled is a security leak, as it provides detailed info about  
the

system and various other data that should be hidden to non-admins.

But that is not the reason I filled the bug. The problem is that I managed  
to

crash the reviewboard instance (I provide steps to reproduce). This is not
something you can fix though, it should be fixed by upstream, but I kindly
request you to do it for me, as it may be related to your configuration (eg
python/django version).

BTW I want to point out that the specific patch was sent by mail to the
kaffeine maintainers, so there is no rush from my point for it. Even if you
don't want to deal with this bug, that is totally acceptable too.

[1] http://docs.djangoproject.com/en/dev/ref/settings/#debug
---

Can you confirm this? It might be better to set DEBUG = False in  
settings.py in the release?


Best Regards,

David


--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To post to this group, send email to reviewboard-issues@googlegroups.com.
To unsubscribe from this group, send email to 
reviewboard-issues+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/reviewboard-issues?hl=en.