It is quite difficult, and damn near impossible to debug something that is
throwing an error when you don't know what inside the variable is causing
the error. (such as the httplib response from a external server)
I understand where you are comming on from a security standpoint, however
there is no way you could stop a developer from going mail_to('
[email protected]', request.vars.username, request.vars.password)
Django displays large variables, and if they are something like a
dictionary, there is even an add-on module that will do tree-view folding of
your variables.
Perhaps there should be another level above Administrator, such as
Developer, only "Developers" can gain access to the variable trace, and
"Administrators" would only get to see a stack trace, or just be notified
that there was an error.
And just as web2py will disallow admin access when its in a production
environment, it could set DEBUG=False if its not running on localhost ?
-Thadeus
On Sun, Sep 13, 2009 at 2:09 PM, weheh <[email protected]> wrote:
>
> I think this is a useful suggestion. If the developer sets DEBUG=False
> then there should be no variable trace. DEBUG=False should be the
> default. If the developer sets DEBUG=True and forgets that in the
> production version, well, caveat emptor.
>
> On Sep 13, 2:21 pm, mdipierro <[email protected]> wrote:
> > I understand. from a technical point of view this would be easy to add
> > but there are two problems:
> > 1) some variables may be very large and this would make tickets very
> > big. How does Django handle it? Does it ignore large variables?
> > 2) some of he variables may contain user information that
> > administrator should not get access to (for example
> > request.vars.password). There may be privacy issues in logging vars
> > into tickets. If this were the default it would make web2py non-
> > complaint with privacy standard whatever your application does.
> >
> > Any idea?
> >
> > Massimo
> >
> > On Sep 13, 1:11 pm, Thadeus Burgess <[email protected]> wrote:
> >
> > > When django runs into an error, it gives you the values of all
> variables
> > > during the stack track, when you have debug = True.
> >
> > > Example: (You get code snippet, and all local variables at that
> snippet.)
> > > Traceback Switch to copy-and-paste view<
> http://aichronicles.com/projects/tag/#>
> >
> > > -
> > >
>
> /home/thadeusb/.myroot/usr/lib/python2.5/site-packages/django/core/handlers/base.pyin
> > > get_response
> > > 1.
> > > 2. # Complain if the view returned None (a common error).
> > > 3. if response is None:
> > > 4. try:
> > > 5. view_name = callback.func_name # If it's a function
> > > 6. except AttributeError:
> > > 7. view_name = callback.__class__.__name__ + '.__call__' # If
> it's a
> > > class
> > > 1. raise ValueError, "The view %s.%s didn't return an HttpResponse
> > > object." % (callback.__module__, view_name) ...
> > > 1.
> > > 2. return response
> > > 3. except http.Http404, e:
> > > 4. if settings.DEBUG:
> > > 5. from django.views import debug
> > > 6. return debug.technical_404_response(request, e)
> > > ▼ Local vars <http://aichronicles.com/projects/tag/#>
> > > Variable Value callback <function tag at 0xb4f8fb1c>
> > > callback_args ()
> > > callback_kwargs {'url': u''}
> > > exc_info (<type 'exceptions.ValueError'>, ValueError("The view
> > > thadeusb.project.views.tag didn't return an HttpResponse object.",),
> > > <traceback object at 0xb4f3a784>)
> > > exceptions <module 'django.core.exceptions' from
> > >
>
> '/home/thadeusb/.myroot/usr/lib/python2.5/site-packages/django/core/exceptions.pyc'>
> > > middleware_method <bound method
> AuthenticationMiddleware.process_request
> > > of <django.contrib.auth.middleware.AuthenticationMiddleware object
> at
> > > 0xb524c1cc>>
> > > receivers [(<function _rollback_on_exception at 0xb5168b54>, None)]
> > > request <WSGIRequest GET:<QueryDict: {}>, POST:<QueryDict: {}>,
> > > COOKIES:{'sessionid': '00d386b0d7c15244e89f9d38ffcb588f'},
> META:{'DH_USER':
> > > 'thadeusb', 'DOCUMENT_ROOT': '/home/thadeusb/sites/aichronicles.com
> ',
> > > 'GATEWAY_INTERFACE': 'CGI/1.1', 'HTTP_ACCEPT':
> > > 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
> > > 'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
> > > 'HTTP_ACCEPT_ENCODING': 'gzip,deflate', 'HTTP_ACCEPT_LANGUAGE':
> > > 'en-us,en;q=0.5', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_COOKIE':
> > > 'sessionid=00d386b0d7c15244e89f9d38ffcb588f', 'HTTP_HOST': '
> > > aichronicles.com', 'HTTP_KEEP_ALIVE': '300', 'HTTP_REFERER': '
> > > http://aichronicles.com/projects/', 'HTTP_USER_AGENT': 'Mozilla/5.0
> (X11;
> > > U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090804 Firefox/3.5.2',
> 'PATH':
> > > '/bin:/usr/bin:/sbin:/usr/sbin', 'PATH_INFO': u'/projects/tag/',
> > > 'PATH_TRANSLATED': '/home/thadeusb/sites/
> aichronicles.com/projects/tag/',
> > > 'QUERY_STRING': '', 'REDIRECT_DH_USER': 'thadeusb',
> 'REDIRECT_SCRIPT_URI': '
> > > http://aichronicles.com/projects/tag/', 'REDIRECT_SCRIPT_URL':
> > > '/projects/tag/', 'REDIRECT_STATUS': '200', 'REDIRECT_UNIQUE_ID':
> > > 'a6gLAtBxlNEAAEvNPEQAAAAD', 'REDIRECT_URL': '/projects/tag/',
> > > 'REDIRECT_ds_id_9498040': '', 'REDIRECT_dsid': '9498040',
> 'REMOTE_ADDR':
> > > '75.27.133.239', 'REMOTE_PORT': '49955', 'REQUEST_METHOD': 'GET',
> > > 'REQUEST_URI': '/projects/tag/', 'SCRIPT_FILENAME':
> '/home/thadeusb/sites/
> > > aichronicles.com/dispatch.fcgi', 'SCRIPT_NAME': u'', 'SCRIPT_URI':
> '
> > > http://aichronicles.com/projects/tag/', 'SCRIPT_URL':
> '/projects/tag/',
> > > 'SERVER_ADDR': '208.113.148.201', 'SERVER_ADMIN': '
> > > [email protected]', 'SERVER_NAME': 'aichronicles.com',
> > > 'SERVER_PORT': '80', 'SERVER_PROTOCOL': 'HTTP/1.1',
> 'SERVER_SIGNATURE': '',
> > > 'SERVER_SOFTWARE': 'Apache', 'UNIQUE_ID':
> 'a6gLAtBxlNEAAEvNPEQAAAAD',
> > > 'ds_id_9498040': '', 'dsid': '9498040', 'wsgi.errors':
> > > <flup.server.fcgi_base.OutputStream object at 0xb4f386ec>,
> 'wsgi.input':
> > > <flup.server.fcgi_base.InputStream object at 0xb4f3856c>,
> > > 'wsgi.multiprocess': False, 'wsgi.multithread': True,
> 'wsgi.run_once':
> > > False, 'wsgi.url_scheme': 'http', 'wsgi.version': (1, 0)}>
> > > resolver <RegexURLResolver thadeusb.urls ^/>
> > > response None
> > > self <django.core.handlers.wsgi.WSGIHandler object at 0xb7c0ac0c>
> > > settings <django.conf.LazySettings object at 0xb7b5eb2c>
> > > urlconf 'thadeusb.urls'
> > > urlresolvers <module 'django.core.urlresolvers' from
> > >
>
> '/home/thadeusb/.myroot/usr/lib/python2.5/site-packages/django/core/urlresolvers.pyc'>
> > > view_name 'tag'
> >
> > > Environment: Request Method: GET Request URL:
> http://aichronicles.com/projects/tag/DjangoVersion: 1.0.2 final Python
> > > Version: 2.5.2 Installed Applications: ['django.contrib.auth',
> > > 'django.contrib.contenttypes', 'django.contrib.sessions',
> > > 'django.contrib.sites', 'django.contrib.admin',
> 'django.contrib.comments',
> > > 'thadeusb.common', 'thadeusb.pages', 'thadeusb.blog',
> 'thadeusb.search',
> > > 'thadeusb.project'] Installed Middleware:
> > > ('django.middleware.common.CommonMiddleware',
> > > 'django.contrib.sessions.middleware.SessionMiddleware',
> > > 'django.contrib.auth.middleware.AuthenticationMiddleware',
> > > 'thadeusb.pages.middleware.FlatpageFallbackMiddleware') Traceback: File
> > >
> "/home/thadeusb/.myroot/usr/lib/python2.5/site-packages/django/core/handlers/base.py"
> > > in get_response 103. raise ValueError, "The view %s.%s didn't return an
> > > HttpResponse object." % (callback.__module__, view_name) Exception
> Type:
> > > ValueError at /projects/tag/ Exception Value: The view
> > > thadeusb.project.views.tag didn't return an HttpResponse object.
> >
> > > Request information GET
> >
> > > No GET data
> > > POST
> >
> > > No POST data
> > > COOKIES Variable Value sessionid '00d386b0d7c15244e89f9d38ffcb588f'
> > > META Variable Value DH_USER
> > > DOCUMENT_ROOT
> > > GATEWAY_INTERFACE 'CGI/1.1'
> > > HTTP_ACCEPT
> > > 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
> > > HTTP_ACCEPT_CHARSET 'ISO-8859-1,utf-8;q=0.7,*;q=0.7'
> > > HTTP_ACCEPT_ENCODING 'gzip,deflate'
> > > HTTP_ACCEPT_LANGUAGE 'en-us,en;q=0.5'
> > > HTTP_CONNECTION 'keep-alive'
> > > HTTP_COOKIE 'sessionid=00d386b0d7c15244e89f9d38ffcb588f'
> > > HTTP_HOST
> > > HTTP_KEEP_ALIVE
> > > HTTP_REFERER
> > > HTTP_USER_AGENT 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2)
> > > Gecko/20090804 Firefox/3.5.2'
> > > PATH
> > > PATH_INFO
> > > PATH_TRANSLATED
> > > QUERY_STRING
> > > REDIRECT_DH_USER
> > > REDIRECT_SCRIPT_URI
> > > REDIRECT_SCRIPT_URL '/projects/tag/'
> > > REDIRECT_STATUS '200'
> > > REDIRECT_UNIQUE_ID
> > > REDIRECT_URL '/projects/tag/'
> > > REDIRECT_ds_id_9498040 ''
> > > REDIRECT_dsid
> > > REMOTE_ADDR
> > > REMOTE_PORT
> > > REQUEST_METHOD 'GET'
> > > REQUEST_URI '/projects/tag/'
> > > SCRIPT_FILENAME
> > > SCRIPT_NAME
> > > SCRIPT_URI
> > > SCRIPT_URL '/projects/tag/'
> > > SERVER_ADDR
> > > SERVER_ADMIN
> > > SERVER_NAME
> > > SERVER_PORT
> > > SERVER_PROTOCOL
> > > SERVER_SIGNATURE
> > > SERVER_SOFTWARE
> > > UNIQUE_ID
> > > ds_id_9498040
> > > dsid
> > > wsgi.errors
> > > wsgi.input
> > > wsgi.multiprocess
> > > wsgi.multithread
> > > wsgi.run_once
> > > wsgi.url_scheme
> > > wsgi.version
> >
> > > On Sun, Sep 13, 2009 at 10:04 AM, mdipierro <[email protected]>
> wrote:
> > > > re I understand. Did you look into the python trac
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
