Comment 2 for bug 789863

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/02/2011 11:16 AM, Hanno Schlichting wrote:
> Hhm, I wonder if we should maybe override the requests __str__ (or
> whatever is called to publish it) with a version that reports very
> little information and doesn't leak anything.
>
> The request might commonly be referred to as request or REQUEST, but it
> could be reachable under any other variable name as well.
>
> I'm not aware of any code that relies on str(request) to work, but this
> needs investigation.

There is lots of debugging code which might use that (e.g., returning
the request from a PythonScript). What we want is to make the request
itself unpublishable, not unserializable.

Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 <email address hidden>
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk3ntv0ACgkQ+gerLs4ltQ6X1wCgu3WV7xUwdBmBl04y9fPaYYxW
rdoAoMJjj8lYwSeljJC9oRHOm/pBo9Mf
=EfDA
-----END PGP SIGNATURE-----