Should filter out things like user password and session cookies
Bug #928468 reported by
James Westby
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-timeline-django |
Fix Released
|
High
|
Unassigned |
Bug Description
There should be built-in oops filters to redact users passwords, session cookies, etc. that
are part of Django, so that oopses can be shared with reduced worry about what someone
can do with the information they contain.
Some inspiration for how to do this can probably be found in Launchpad (queries to the
session db are redacted there.)
Some helpers for doing this would probably be useful as well, so projects using timeline-django
can easily add their own filters when needed.
Thanks,
James
Changed in python-timeline-django: | |
status: | New → Triaged |
importance: | Undecided → High |
To post a comment you must log in.
Hi James. Just in case it's useful, you can see how Django approaches this for displaying tracebacks (during DEBUG mode):
https:/ /docs.djangopro ject.com/ en/1.3/ ref/settings/ #debug
(follow the link to the actual code). Also, something we inherited from the ISD folk (I think ricardo initially) that may help (and atleast, that we'll be able to replace with timeline-django I assume!):
http:// bazaar. launchpad. net/~rnr- developers/ rnr-server/ trunk/view/ head:/src/ reviewsapp/ middleware/ exception. py