mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-03 18:38:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed #13624: added SIGNATURE to the list of settings to hide on debug pages.

Browse source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13315 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jacob Kaplan-Moss 2010-05-28 17:25:43 +00:00
parent 3180f93236
commit 2311bcbd01
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/ref/settings.txt
View file

@ -494,8 +494,9 @@ A boolean that turns on/off debug mode.
If you define custom settings, `django/views/debug.py`_ has a ``HIDDEN_SETTINGS``
regular expression which will hide from the DEBUG view anything that contains
``'SECRET'``, ``'PASSWORD'``, or ``'PROFANITIES'``. This allows untrusted users to
be able to give backtraces without seeing sensitive (or offensive) settings.
``'SECRET'``, ``'PASSWORD'``, ``'PROFANITIES'``, or ``'SIGNATURE'``. This allows
untrusted users to be able to give backtraces without seeing sensitive (or
offensive) settings.
Still, note that there are always going to be sections of your debug output that
are inappropriate for public consumption. File paths, configuration options, and